Troubleshooting Splunk
page-template-default,page,page-id-15553,page-child,parent-pageid-9404,ajax_fade,page_not_loaded,,qode-theme-ver-1.5,wpb-js-composer js-comp-ver-4.3.5,vc_responsive

Troubleshooting Splunk

This 2 day course is designed for Splunk administrators. It covers topics and techniques for troubleshooting a standard Splunk distributed deployment using the tools available on Splunk Enterprise.

It is a lab-oriented class designed to help you gain troubleshooting experience before attending more advanced courses. You will debug a distributed Splunk Enterprise environment using the live system and simulated case logs.

This course does not cover the issues surrounding Splunk Cloud, Splunk Clusters, or Splunk premium apps.

Unit: 2
Duration: 9 hours
Time: 9am – 1:30pm AEST (GMT +10)
Cost: AUD 1440.00 ex GST

Course Topics

Splunk Support Model
Splunk Troubleshooting Methods and Tools
Clarifying the Problem
Installation, Licensing, and Crash Problems
UI and Search Problems
Configuration Problems
Deployment Problems
User Management Problems

After Completing this Course you will be able to:

Understand the Splunk Support Model and its resources
Identify the best practices for troubleshooting Splunk Enterprise
List ways to gather useful Splunk diagnostic information
Use Splunk diagnostic tools
Identify common Splunk technical issues and solutions

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Prerequisites

Fundamentals 1
Fundamentals 2
Splunk System Administration
Splunk Data Administration

Course Objectives

Module 1 – Splunk Support Model

Splunk support resources

Module 2 – Splunk Troubleshooting Methods and Tools

Splunk troubleshooting methodology
Splunk diagnostic tools

Module 3 – Clarifying the problem

Splunk Topology
Index-time pipeline
Search-time pipeline

Module 4 – Installation, Licensing and Crash problems

Installation issues
License issues
Crash issues

Module 5 – Configuration problems

Input issues
Configuration Precedence

Module 6 – UI and Search problems

Search issues
Dashboard issues

Module 7 – Deployment problems

Forwarding issues
Distributed search issues
Deployment server issues

Module 8 – User Management problems

Splunk users and role capabilities
Directory integration issues


Anyone within a technical role who is involved in the Administration of Splunk within their organisation or are looking to become Architect II certified. Previous Attendees have included IT Administrators, DevOps, Security Analysts and Solution Architects

Related Certifications

Troubleshooting Splunk Course Dates

Troubleshooting Splunk – 27th-28th February

This 2-virtual day course is designed for Splunk administrators. It covers topics and techniques for troubleshooting a standard Splunk distributed…

Training Calendar