Splunk – Beginner to Architect Course Syllabus

Full curriculum breakdown — modules, lessons, estimated time, and outcomes.

Overview: This comprehensive Splunk course takes you from beginner to architect level with a structured, hands-on approach. You'll start with Splunk installation and data ingestion, progress through search processing, dashboarding, and app development, then master enterprise-scale architecture and security. With approximately 7 hours of on-demand video content, this course is ideal for IT, security, and DevOps professionals aiming to deploy, manage, and scale Splunk in real-world environments.

Module 1: Splunk Installation & Data Onboarding

Estimated time: 1 hour

  • Setting up Splunk Enterprise on Windows and Linux
  • Installing and configuring Splunk Universal Forwarders
  • Configuring data inputs for files, directories, and syslog
  • Using HTTP Event Collector for modern data ingestion

Module 2: Fundamentals of SPL & Search

Estimated time: 1.5 hours

  • Executing basic searches with the search command
  • Using core SPL commands: stats, timechart, table
  • Applying time modifiers and wildcards in searches
  • Extracting and manipulating fields using search modes

Module 3: Data Transformation & Field Management

Estimated time: 1 hour

  • Using rex command for custom field extraction
  • Extracting JSON fields with spath
  • Creating calculated fields using eval
  • Enriching data with lookups, KV Store, and external scripts

Module 4: Reporting, Alerts & Dashboards

Estimated time: 1.5 hours

  • Creating scheduled reports and dashboards
  • Configuring alerts with throttling and actions
  • Building interactive dashboards using Dashboard Studio
  • Adding form inputs and drilldown behaviors to panels

Module 5: Splunk Apps & Add-Ons

Estimated time: 1 hour

  • Installing and managing apps from Splunkbase
  • Configuring Technology Add-Ons (TAs) and UBA
  • Developing simple custom Splunk apps
  • Designing navigation menus and app layouts

Module 6: Architecting for Scale

Estimated time: 1 hour

  • Designing indexer clustering for high availability
  • Setting up search head clustering
  • Managing distributed deployments with Deployer
  • Using Deployment Server for centralized configuration

Module 7: Security & Compliance

Estimated time: 45 minutes

  • Configuring user roles and capabilities
  • Integrating LDAP and SAML for authentication
  • Enabling SSL encryption across components
  • Performing data integrity and compliance checks

Module 8: Performance Tuning & Best Practices

Estimated time: 45 minutes

  • Monitoring Splunk health using _internal and _introspection logs
  • Using Deployment Monitoring Console (DMC)
  • Optimizing index and search performance
  • Implementing capacity planning and retention policies

Prerequisites

  • Familiarity with basic Linux/Windows command line
  • Understanding of log files and machine data concepts
  • Basic knowledge of networking and system administration

What You'll Be Able to Do After

  • Install and configure Splunk Enterprise and forwarders
  • Write powerful SPL queries to analyze real-time and historical data
  • Build interactive dashboards and operational alerts
  • Deploy and manage scalable, clustered Splunk architectures
  • Secure Splunk deployments and ensure compliance