Duration:  16 hour

Objectives:

What you’ll learn:

• Understand sourcetypes
• Manage and deploy forwarders with Forwarder Management
• Configure data inputs
   - File monitors – Network inputs (TCP/UDP)
   - Scripted inputs
   - HTTP inputs (via the HTTP Event Collector)

•  Customize the input phase parsing process
• Transformations to modify raw data before it is indexed
• Search time field extractions

Prerequisites:

• Strongly Recommended:
   - Splunk Enterprise System Administration

Course outlines:

1.      Module 1: Introduction to Data Administration

2.      Module 2: Getting Data In - Staging

3.      Module 3: Forwarder Configuration

4.      Module 4: Forwarder Management

5.      Module 5: Monitor Inputs

6.      Module 6: Network and Scripted Inputs

7.      Module 7: Agentless Inputs

8.      Module 8: Metrics

9.      Module 9: Fine-tuning Inputs

10.  Module 10: Parsing Phase and Data Preview

11.  Module 11: Manipulating Raw Data

12.  Module 12: Supporting Knowledge Objects

13.  Module 13: Some Extra Tips