Go to main content

Splunk certified study guide : prepare for the User, Power User, and Enterprise Admin certifications / Deep Mehta.

Mehta, Deep, author.
2021
QA76.9.D32
Available Online
Formats
Format
BibTeX
MARCXML
TextMARC
MARC
DublinCore
EndNote
NLM
RefWorks
RIS
Add to Basket

Linked e-resources

Linked Resource
Online Access
Concurrent users
Unlimited
Authorized users
Authorized users
Document Delivery Supplied
Can lend chapters, not whole ebooks

Details

Title
Splunk certified study guide : prepare for the User, Power User, and Enterprise Admin certifications / Deep Mehta.
Author
Mehta, Deep, author.
ISBN
9781484266694 (electronic bk.)
1484266692 (electronic bk.)
9781484266700 (print)
1484266706
1484266684
9781484266687
DOI
https://doi.org/10.1007/978-1-4842-6669-4
Published
[Berkeley, CA] : Apress, [2021]
Language
English
Description
1 online resource (439 pages)
Item Number
10.1007/978-1-4842-6669-4 doi
Call Number
QA76.9.D32
Dewey Decimal Classification
006.3/12
Summary
Make your Splunk certification easier with this exam study guide that covers the User, Power User, and Enterprise Admin certifications. This book is divided into three parts. The first part focuses on the Splunk User and Power User certifications starting with how to install Splunk, Splunk Processing Language (SPL), field extraction, field aliases and macros, and Splunk tags. You will be able to make your own data model and prepare an advanced dashboard in Splunk. In the second part, you will explore the Splunk Admin certification. There will be in-depth coverage of Splunk licenses and user role management, and how to configure Splunk forwarders, indexer clustering, and the security policy of Splunk. You'll also explore advanced data input options in Splunk as well as .conf file merging logic, btool, various attributes, stanza types, editing advanced data inputs through the .conf file, and various other types of .conf file in Splunk. The concluding part covers the advanced topics of the Splunk Admin certification. You will also learn to troubleshoot Splunk and to manage existing Splunk infrastructure. You will understand how to configure search head, multi-site indexer clustering, and search peers besides exploring how to troubleshoot Splunk Enterprise using the monitoring console and matrix.log. This part will also include search issues and configuration issues. You will learn to deploy an app through a deployment server on your client instance, create a server class, and carry out load balancing, socks proxy, and indexer discovery. By the end of the Splunk Certified Study Guide, you will have learned how to manage resources in Splunk and how to use REST API services for Splunk. This section also explains how to set up Splunk Enterprise on the AWS platform and some of the best practices to make them work efficiently together. The book offers multiple choice question tests for each part that will help you better prepare for the exam. You will: Study to pass the Splunk User, Power User, and Admin certificate exams Implement and manage Splunk multi-site clustering Design, implement, and manage a complex Splunk Enterprise solution Master the roles of Splunk Admin and troubleshooting Configure Splunk using AWS.
Bibliography, etc. Note
Includes bibliographical references and index.
Access Note
Access limited to authorized users.
Digital File Characteristics
text file
PDF
Source of Description
Description based on print version record.
Available in Other Form
Splunk Certified Study Guide : Prepare for the User, Power User, and Enterprise Admin Certifications.
Linked Resources
Online Access
Record Appears in
Online Resources > Ebooks
All Resources
Intro
Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Part I: Splunk Architecture, Splunk SPL (Search Processing Language), and Splunk Knowledge Objects
Chapter 1: An Overview of Splunk
Overview of the Splunk Admin Exam
Structure
Requirements
Blueprint
An Introduction to Splunk
The History of Splunk
The Benefits of Splunk
The Splunk Architecture
Installing Splunk
Installing Splunk on macOS
Installing Splunk on Windows
Adding Data in Splunk
Summary
Multiple-Choice Questions

Further Reading
Chapter 2: Splunk Search Processing Language
The Pipe Operator
Time Modifiers
Understanding Basic SPL
Search Language Syntax
Boolean Operators in Splunk
Syntax Coloring in SPL
Sorting Results
Sort
Filtering Commands
where
dedup
head
tail
Reporting Commands
top
rare
history
table
stats
Aggregate Functions
Event Order Functions
Multivalue stats and chart Functions
Timechart Functions
untable
chart
timechart
Filtering, Modifying, and Adding Fields
eval
Comparison and Conditional Functions

Conversion Functions
Cryptographic Functions
Date and Time Functions
Informational Functions
Mathematical Functions
Multivalue eval Functions
Statistical eval Functions
Text Functions
Trigonometric and Hyperbolic Functions
Rex
lookup
Input Lookup
Output Lookup
Field
Grouping Results
Transaction
Summary
Multiple-Choice Questions
References
Chapter 3: Macros, Field Extraction, and Field Aliases
Field Extraction in Splunk
Regular Expressions
Regular Expression Using Field Extraction
Inline Regular Expression Using Field Extraction

Delimiters
Delimiters Using Field Extraction
Macros
Create a Macro Using Splunk Web
Create a Macro Using the .conf File
Field Aliases in Splunk
Setting up Field Aliases
Splunk Search Query
Summary
Multiple Choice Test Questions
References
Chapter 4: Tags, Lookups, and Correlating Events
Splunk Lookups
Looking up Table Files
Lookup Definitions
Automatic Lookups
Splunk Tags
Create Tags in Splunk Using Splunk Web
Tag Event Types in Splunk Web
Reporting in Splunk
Creating Reports in Splunk Web
Report Acceleration in Splunk

Creating Report Acceleration
Scheduling a Report in Splunk
Alerts in Splunk
Create Alerts in Splunk Using Splunk Web
Cron Expressions for Alerts
Summary
Multiple-Choice Questions
References
Chapter 5: Data Models, Pivot, and CIM
Understanding Data Models and Pivot
Datasets and Data Models
Creating Data Models and Pivot in Splunk
Creating New Datasets
Predicting a Sales Pattern
Event Actions in Splunk
GET Workflow Actions
Defining a GET Workflow Action
Search Workflow Action
Defining Search Workflow Action
Common Information Model in Splunk

Browse Subjects

Show more subjects...

Statistics

from
to
Export