Day 1: Getting Started with Splunk (Create Account, Download Splunk & Universal Forwarder)
Day 2: Setting Up Your Environment (Request Developer License, AWS EC2 Instances, and Tools)
Day 3: Installing Splunk Components (Install Splunk Enterprise and Universal Forwarder)
Day 4: Configuring Basic Connections (Connect UF to Indexer, Search Head to Indexer)
Day 5: Creating and Managing Indexes (Index Creation via Web, Conf, CLI)
Day 6: Data Upload and Monitoring (Upload Sample Data, Monitor Files, Search Data)
Day 7: Splunk Deployment Models (Standalone, Distributed, and Clustered Deployments)
Day 8: Understanding Splunk's Components (Why We Need Multiple Components)
Day 9: What Data Can Be Indexed? (Understanding the Types of Data)
Day 10: Data Onboarding Overview (High-Level View of Data Input)
Day 11: Data Handling in Splunk (How Splunk Manages Data - Standalone)
Day 12: Data Storage in Splunk (How Splunk Stores Data - Standalone)
Day 13: Monitoring Files and Directories (Via Splunk Web, CLI, and Config Files)
Day 14: Input Path Wildcards (Using Wildcards for Input Paths)
Day 15: Managing Incoming Data (Include or Exclude Specific Data)
Day 16: Handling Log Rotation (How Splunk Manages Log File Rotation)
Day 17: Discarding Specific Events (Managing Event Data - Discarding Some, Keeping Others)
Day 18: Keeping Specific Events (Discarding Unnecessary Events)
Day 19: Event Boundary Detection (How Splunk Determines Event Boundaries)
Day 20: Timestamp Assignment (Understanding and Configuring Timestamps)
Day 21: Timestamp Recognition (Configuring Timestamp Settings)
Day 22: Indexed Fields (How Splunk Builds Indexed Fields)
Day 23: Importance of Source Types (Why Source Types Matter)
Day 24: TCP and UDP Data Input (Getting Data from Network Ports)
Day 25: Monitoring Windows Event Logs (Windows Event Log Monitoring)
Day 26: HTTP Event Collector Setup (Configuring HEC in Splunk)
Day 27: Scripted Inputs (Creating Scripted Inputs for Data)
Day 28: Splunk Add-ons & Modular Inputs (Integrating External APIs with Splunk)
Day 29: Scripted Input vs Modular Input (Differences and Use Cases)
Day 30: Data Loss Prevention (Using Persistent Queues to Prevent Data Loss)
Day 31: How the Splunk platform assigns source types
Day 32: The "Great 8" of Splunk (Best practices in configuration)
Day 33: What Happens With Bad Sourcetypes & How to Fix Them
Day 34: Difference between Apps & Add-ons
Day 35: How to use Splunk App Packaging Toolkit?
Day 36: How to Deploy Apps to Forwarders using Deployment Server
Day 37: Onboard data from Windows
Day 38: Onboard data from Linux
Day 39: Onboard data from ServiceNow
Day 40: Onboard data from GitHub
Day 41: Onboard data from Jenkins
Day 42: Onboard data from Syslog
Day 43: Onboard data from AWS
Day 44: Onboard data from Azure
Day 45: Onboard data from GCP
Day 46: Onboard data from BIG-IP F5
Day 47: Onboard data from MySQL using Splunk DB Connect
Day 48: Onboard data from MSSQL using Splunk DB Connect
Day 49: Onboard data from MongoDB using Splunk DB Connect
Day 50: Index Time Field Extraction - Why is it important?
Day 51: Index Time Field Extraction - Common Scenarios
Day 52: Search Time Field Extraction - Field Extraction Methods
Day 53: Search Time Field Extraction - Using Field Aliases
Day 54: Search Time Field Extraction - Creating Calculated Fields
Day 55: Search Time Field Extraction - Using Lookups to Enrich Data
Day 56: Search Time Field Extraction - Eventtypes in Searches
Day 57: Search Time Field Extraction - Tagging Events
Day 58: Introduction to Common Information Model (CIM)
Day 59: How to apply Common Information Model (CIM)
Day 60: Troubleshoot the input process
Day 61: Resolve Data Quality Issues - Line Breaking Issues
Day 62: Resolve Data Quality Issues - Event Breaking or Aggregation Issues
Day 63: Resolve Data Quality Issues - Timestamping Issues
Day 64: Configure Heavy Forwarder
Day 65: Configure Intermediate Forwarder
Day 66: Configure load balancing for forwarders
Day 67: Forwarding vs Heavy Forwarding - When to use each
Day 68: Best Practices for Data Retention Policies
Day 69: Optimizing Splunk for large-scale data ingestion
Day 70: Troubleshooting Indexer bottlenecks
Day 71: Best practices for managing multiple indexes
Day 72: Backing up and restoring indexed data
Day 73: SmartStore architecture - How to implement for scalability
Day 74: Managing frozen data - Roll, delete, and archive strategies
Day 75: Analyzing indexing performance - Key metrics to monitor
Day 76: Role-based access control - Best practices
Day 77: Managing users and permissions in Splunk
Day 78: Integrating Splunk with LDAP/Active Directory
Day 79: How to secure Splunk with SSL/TLS
Day 80: Managing encryption in Splunk (Data-at-rest and in-transit)
Day 81: Audit log configurations for compliance
Day 82: Monitoring for suspicious activities using Splunk
Day 83: Implementing alert actions and responses
Day 84: Managing Splunk app permissions and roles
Day 85: Investigating security breaches with Splunk
Day 86: Monitoring Splunk Health - Key dashboards to create
Day 87: Key Splunk Logs to Monitor - splunkd, metrics.log, etc.
Day 88: Using Distributed Management Console for performance insights
Day 89: Optimize Search Head clustering for high availability
Day 90: Splunk performance tuning for search performance
Day 91: Tuning disk I/O and memory usage for optimal performance
Day 92: Troubleshooting common search performance issues
Day 93: Implementing caching strategies to reduce load
Day 94: Using summary indexes to reduce search time
Day 95: Debugging Splunk searches using search job inspector
Day 96: Final troubleshooting session - Resolving complex data quality issues
Day 97: Optimizing Splunk Enterprise for multi-site deployment
Day 98: Creating custom dashboards for admin visibility
Day 99: Performing a final review of all configurations (Indexers, Search Heads, Forwarders)
Day 100: Course wrap-up, final Q&A, and preparing for real-world admin challenges