Duration:  16 hour

Objectives:

What you’ll learn:

• Understand sourcetypes
• Manage and deploy forwarders with Forwarder Management
• Configure data inputs
   - File monitors – Network inputs (TCP/UDP)
   - Scripted inputs
   - HTTP inputs (via the HTTP Event Collector)

•  Customize the input phase parsing process
• Transformations to modify raw data before it is indexed
• Search time field extractions

Prerequisites:

• Strongly Recommended:
   - Splunk Enterprise System Administration

Course outlines:

1. Module 1: Introduction to Data Administration

2. Module 2: Getting Data In - Staging

3. Module 3: Forwarder Configuration

4. Module 4: Forwarder Management

5. Module 5: Monitor Inputs

6. Module 6: Network and Scripted Inputs

7. Module 7: Agentless Inputs

8. Module 8: Metrics

9. Module 9: Fine-tuning Inputs

10. Module 10: Parsing Phase and Data Preview

11. Module 11: Manipulating Raw Data

12. Module 12: Supporting Knowledge Objects

13. Module 13: Some Extra Tips