Splunk Enterprise Cluster Administration (SP-SCLA)
About the course

The course provides the fundamental knowledge of deploying and managing Splunk Enterprise in a clustered environment.


Prerequisites

To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:

  • Intro to Splunk (ITS)
  • Using Fields (SUF)
  • Introduction to Knowledge Objects (Retired)
  • Creating Knowledge Objects (CKO)
  • Creating Field Extractions (CFE)
  • Splunk Enterprise System Administration (SESA)
  • Splunk Enterprise Data Administration (SEDA)
  • Troubleshooting Splunk Enterprise (TSE)


Additional courses and/or knowledge in these areas are also highly recommended:

  • Enriching Data with Lookups (EDL)
  • Data Models (SDM)


Course content

Module 1 – Overview of Large-scale Splunk Deployment

Identify factors that affect large-scale deployment design

Describe approaches to scaling Splunk Enterprise

Configure Splunk License Manager


Module 2 – Deploying Single-site Indexer Clusters

Identify indexer cluster states

Define replication factor and search factor

Implement a single-site indexer cluster


Module 3 – Deploying Multisite Indexer Clusters

Define site replication factor and site search factor

Define search affinity

Implement a multisite indexer cluster


Module 4 – Updating Indexer Cluster Peer Configurations

Distribute configurations and apps across peers


Module 5 – Managing and Monitoring Indexer Clusters

Enable replication for clustered indexes

Configure Monitoring Console for indexer cluster environment


Module 6 – Configuring Indexer Discovery on Forwarders

Configure indexer discovery

Configure indexer acknowledgment

Configure forwarder site failover


Module 7 – Deploying Search Head Cluster

Configure a search head cluster

Connect clustered and non-clustered indexers


Module 8 – Managing and Monitoring Search Head Clusters

Deploy configuration bundles to search head cluster members

Manage captaincy and member addition, removal and upgrades


Module 9 – Using KV Store in a Search Head Cluster

Enable KV Store collection replication in a search head cluster

Monitor KV Store status with Monitoring Console

Who Should Attend

Splunk administrators.