Troubleshooting Splunk - Splunk Courses
page-template-default,page,page-id-15553,page-child,parent-pageid-9404,ajax_fade,page_not_loaded,,qode-theme-ver-1.5,wpb-js-composer js-comp-ver-4.3.5,vc_responsive

Troubleshooting Splunk

This 2 day course is designed for Splunk administrators. It covers topics and techniques for troubleshooting a standard Splunk distributed deployment using the tools available on Splunk Enterprise.

It is a lab-oriented class designed to help you gain troubleshooting experience before attending more advanced courses. You will debug a distributed Splunk Enterprise environment using the live system and simulated case logs.

This course does not cover the issues surrounding Splunk Cloud, Splunk Clusters, or Splunk premium apps.

Units : 2
Duration : 9 hours over 2 days
Time : 9:00 am – 1:30 pm AEST (GMT +10)
Cost : AUD 1,724.00 ex GST*

*Discounts apply for Splunk Partners.

Course Topics

Splunk Support Model
Splunk Troubleshooting Methods and Tools
Clarifying the Problem
Installation, Licensing, and Crash Problems
UI and Search Problems
Configuration Problems
Deployment Problems
User Management Problems

After completing this course you will be able to:
  • Understand the Splunk Support Model and its resources
  • Identify the best practices for troubleshooting Splunk Enterprise
  • List ways to gather useful Splunk diagnostic information
  • Use Splunk diagnostic tools
  • Identify common Splunk technical issues and solutions
Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Prerequisites
  • Splunk Fundamentals 1
  • Splunk Fundamentals 2
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration
Course Objectives

Module 1 – Splunk Support Model

Splunk support resources

Module 2 – Splunk Troubleshooting Methods and Tools

Splunk troubleshooting methodology
Splunk diagnostic tools

Module 3 – Clarifying the problem

Splunk Topology
Index-time pipeline
Search-time pipeline

Module 4 – Installation, Licensing and Crash problems

Installation issues
License issues
Crash issues

Module 5 – Configuration problems

Input issues
Configuration Precedence

Module 6 – UI and Search problems

Search issues
Dashboard issues

Module 7 – Deployment problems

Forwarding issues
Distributed search issues
Deployment server issues

Module 8 – User Management problems

Splunk users and role capabilities
Directory integration issues


Anyone within a technical role who is involved in the Administration of Splunk within their organisation or are looking to become Architect II certified. Previous Attendees have included IT Administrators, DevOps, Security Analysts and Solution Architects

Related Certifications

Troubleshooting Splunk Course Dates

View cart “Troubleshooting Splunk – 27-28 August” has been added to your cart.

Troubleshooting Splunk – 27-28 August

This 2-virtual day course is designed for Splunk administrators. It covers topics and techniques for troubleshooting a standard Splunk distributed…

Training Calendar