Practice Exams:

View All

SPLK-1002: Splunk Core Certified Power User

PDFs and exam guides are not so efficient, right? Prepare for your Splunk examination with our training course. The SPLK-1002 course contains a complete batch of videos that will provide you with profound and thorough knowledge related to Splunk certification exam. Pass the Splunk SPLK-1002 test with flying colors.

Rating

4.5

Students

120

Duration

15:54:00 h

$16.49

$14.99

Curriculum for SPLK-1002 Certification Video Course

Introduction

1 Lectures

Time 00:01:00

Introduction to Splunk Enterprise

28 Lectures

Time 01:48:00

Designing Splunk Architecture

12 Lectures

Time 01:04:00

Installation and Configuration of Splunk Components

31 Lectures

Time 03:00:00

Splunk Post Installation Activities : Knowledge Objects

31 Lectures

Time 02:38:00

Splunk Inbuilt & Advanced Visualizations

18 Lectures

Time 01:38:00

Splunk Apps And Add-On's

15 Lectures

Time 01:10:00

Forwarder Management And User Management

15 Lectures

Time 01:01:00

Splunk Indexer And Search Head Clustering

20 Lectures

Time 01:18:00

Splunk Advanced Concepts

12 Lectures

Time 00:54:00

Building Splunk Enterprise Architecture on Amason AWS Under 60 Minutes

2 Lectures

Time 01:05:00

Splunk Use Cases Of All Industries

1 Lectures

Time 00:16:00

Congrats: Completion of the Course

1 Lectures

Time 00:01:00

Name of Video	Time
1. Introduction	00:23

Name of Video	Time
1. Introduction to Module 01	00:23
2. What is Splunk?	04:41
3. Products of Splunk: Splunk Light	02:04
4. Products of Splunk: Splunk Cloud	01:51
5. Products of Splunk: Splunk Enterprise	02:41
6. Products of Splunk: Hunk & Premium Apps	04:48
7. Components of Splunk: Search Head	01:36
8. Components of Splunk: Indexer	01:22
9. Components of Splunk: Universal Forwarder	01:37
10. Components of Splunk: Heavy Forwarder	02:28
11. Components of Splunk: Deployment Server	02:33
12. Components of Splunk: Cluster Master	00:59
13. Splunk Package Downloads: Part 1	04:45
14. Splunk Package Downloads: Part 2	04:15
15. Splunk Package Downloads: Part 3	02:55
16. Splunk Add on and Application downloads	05:11
17. Splunk GUI Overview : Part 1	05:50
18. Splunk GUI Overview : Part 2	04:54
19. Splunk GUI Overview : Part 3	05:42
20. Splunk GUI Overview : Part 4	05:40
21. Splunk GUI Overview : Part 5	05:14
22. Splunk GUI Overview : Part 6	07:18
23. Splunk Searching Basics : Part 1	05:37
24. Splunk Searching Basics : Part 2	05:43
25. Splunk Licensing	02:53
26. Getting Help on Splunk Issues : Part 1	06:54
27. Getting Help on Splunk Issues : Part 2	01:32
28. Get 10 GB Free license of Splunk	02:33

Name of Video	Time
1. Splunk Visio Stencils usage	06:39
2. Estimation of License required	02:54
3. Evaluation : Search Head and Indexers	04:49
4. Evaluation : Heavy Forwarder, License Manager and Deployment Server	06:13
5. Estimation of Storage for Indexers	05:04
6. Small Enterprise Architecture review	05:47
7. Medium Enterprise Architecture review	06:49
8. Large Enterprise Architecture review : Part 1	05:12
9. Large Enterprise Architecture review : Part 2	04:53
10. Understanding clustering and High Availability in Splunk	08:12
11. Hardware Requirements for Splunk Architecture	04:53
12. Capacity Planning for your Architecture	02:12

Name of Video	Time
1. Prerequisites for Splunk Installation : Part 1	03:34
2. Prerequisites for Splunk Installation : Part 2	08:40
3. Directory Structure of Splunk	05:42
4. Configuration Hierarchy in Splunk	06:27
5. Configuration Hierarchy in Splunk : Practical Example	05:03
6. Testing Configuration Precedence	04:53
7. Concluding Configuration Precedence	04:51
8. Installation of Splunk Enterprise	04:34
9. Installation of Splunk Universal Forwarder	03:33
10. Installation of Splunk Search Head	04:19
11. Installation of Splunk Indexers	05:28
12. Installation of Splunk Heavy Forwarders and Deployment Servers	05:35
13. Enable SSL on Splunk Enterprise Instance	08:15
14. Enabling SSL from CLI	04:33
15. Index, Indexes and Indexers	05:02
16. Configuring Indexer: Enable Reciever	03:39
17. Enabling Reciever from CLI and Configuration File Edit	07:22
18. Default Index	04:28
19. Index Creation From Splunk Web and Splunk CLI	03:42
20. Index creation from Splunk Edit configuration file	05:47
21. Configure Search head From Splunk Web	05:46
22. Configure Search head From Splunk CLI	04:09
23. Configure Search head From editing Configuration Files	06:55
24. Configure Heavy Forwarder using Splunk Web and CLI	06:39
25. Configure Heavy Forwarder using Splunk Configuration File Edit	04:50
26. Configure Deployment Server From Splunk Web	03:54
27. Configure Deployment Server From Splunk Configuration Edit	05:16
28. Adding Clients to Deployment Server	07:47
29. Deployment Client Config CLI and on Configuration Edit on Universal Forwarder	07:24
30. Splunk License Manager Configuration	05:23
31. Splunk Licensing Pool and Client Configuration	07:35

Name of Video	Time
1. Uploading Data to Splunk	08:02
2. Adding Data to Splunk via configuration file edit	05:02
3. Adding Data to Splunk via Splunk CLI	02:58
4. Validation of On Boarded Data	03:52
5. Source Sourcetype and Host Configuration	07:10
6. Source Parameter Explaination	01:30
7. Field Extraction Using IFX	07:27
8. Field Extraction Using REX	05:21
9. Adding Field Extraction to Search	05:54
10. REGEX searching in Splunk	05:06
11. Props Extract Command	04:25
12. Props Report and Transforms	04:38
13. Props.conf Location	01:01
14. Eventtypes Creation and permission	05:11
15. Eventtypes Use Case	04:42
16. Tags Creation	05:21
17. Manual Creation of Tags	05:31
18. Lookups Creation in Splunk	06:46
19. Searching Using Lookups in Splunk	03:48
20. Lookups Use Case Example	04:19
21. Creating Macros in Splunk	07:48
22. Searching in Splunk	05:06
23. Search Modes in Splunk	07:41
24. Creating Alerts in Splunk	05:17
25. Splunk Alert Condition and Sharing	05:36
26. Editing Splunk alert and Alerts Actions	03:56
27. Creating Splunk Reports	04:46
28. Splunk Report Scheduling and Accelerating Reports	05:10
29. Embeding Reports in External Applications	04:46
30. Creating Dashboards in Splunk	05:12
31. Adding Panels to Dashboards And adding Panel from Report	05:17

Name of Video	Time
1. Editing Dashboard Using Source	06:17
2. Dashboard Filters: Time Range	05:08
3. Dashboard Filters: Text Box	05:28
4. Dashboard Filters: Dropdown	04:23
5. Dashboard Filters: Dynamic Filters	08:26
6. Dashboard Drill down Example	04:37
7. Dashboard Drilldown Configuration	06:06
8. Dashboard Drilldown to Same dashboard	04:52
9. What is a Splunk Workflow?	04:20
10. Creating a Splunk Work Flow	05:30
11. Demo of Splunk Work Flow Example	02:27
12. Visualizations in Splunk	05:22
13. Rest of the default Visualtization in Splunk	07:11
14. Editing XML for Dashboards	05:36
15. Adding Panel by Editing XML	05:31
16. Out Of The Box Dashboards Examples	06:07
17. Out Of The Box Journey Flow	05:39
18. Exporting And Scheduled Dashboards	06:30

Name of Video	Time
1. What is an Add on?	02:48
2. Installing Splunk Add on From Splunk Web	07:10
3. Installing Splunk Add on From Splunk CLI	04:23
4. Installation of Splunk App	05:10
5. Disabling an App or Add on	05:33
6. Creating your Own Splunk App	02:53
7. Creating your Own Splunk App using Linux CLI	06:04
8. Custom Navigation inside Apps : Part 1	05:26
9. Custom Navigation inside Apps : Part 2	07:16
10. Creating your Own Splunk App Via Splunk Web	04:25
11. Custom Navigation inside Apps Using Splunk Web	05:11
12. Custom Static Content Location for Apps	04:58
13. Changing Custom Background of Login Page	01:12
14. Custom Logo for the Splunk Login Page	02:58
15. Customizing App Icon	04:11

Name of Video	Time
1. Splunk Forwarder Management	02:28
2. Creating ServerClass.conf File	04:29
3. ServerClass and DeploymentClient Configuration Files	05:10
4. Apps on Deployment Server	05:48
5. Deploying Apps using Deployment Server	05:25
6. Creating Server Groups Using ServerClass.conf	05:50
7. Creating Base Configurations	05:04
8. Deploying Apps on Universal Forwarder Using Deployment Server	03:19
9. Updating configuration and Deploying	03:18
10. Forward Data out of the Splunk	02:01
11. User Management in Splunk	06:21
12. Creating Roles : Part 1	05:44
13. Creating Roles : Part 2	03:53
14. Creating Users : Part 1	01:15
15. Creating Users : Part 2	02:03

Name of Video	Time
1. Introduction to Clustering and Indexer Clustering UseCase	05:40
2. Search Head Clustering Use Case	01:11
3. Single Site indexer Clustering	02:29
4. Multisite Indexer Clustering	02:43
5. Search Head Clustering	00:56
6. Search Factor And Replication Factor	02:06
7. Search Head Clustering Requirement Evaluation	01:21
8. Heavy Forwarder Clustering	01:59
9. Handson Indexer Clustering : part 01	04:10
10. Handson Indexer Clustering : part 02	04:41
11. Handson Indexer Clustering : part 03	04:12
12. Handson Indexer Clustering : part 04	05:06
13. Handson Indexer Clustering : part 05	05:32
14. Handson Multisite Indexer Clustering : Part 01	03:44
15. Handson Multisite Indexer Clustering : Part 02	04:31
16. Handson Multisite Indexer Clustering : Part 03	04:41
17. Handson Search Head Clustering : Part 01	05:17
18. Handson Search Head Clustering : Part 02	05:03
19. Handson Search Head Clustering : Part 03	04:55
20. Search Head Clustering Validation	03:41

Name of Video	Time
1. Binding Splunk to an IP Address	02:18
2. Changing Process Name of Splunk Processes	03:13
3. Disabling Splunk Web Components	03:59
4. Splunk CLI Selective Restarting	03:10
5. Splunk CLI: ENABLE, DISABLE and ADD commands	02:42
6. Splunk CLI: Show Commands	03:01
7. Splunk CLI: BTOOL Usage	08:35
8. Splunk Quick Hacks for Restarting Splunk Web Components	02:57
9. Splunk Creating Datamodels	05:21
10. Splunk Datamodels Accelerations	04:15
11. Splunk Datasets and Searchs	06:14
12. Splunk Universal Forwarder Scripted Deployments	06:54

Name of Video	Time
1. Introduction to building Enterprise Architecture on Amazon AWS	05:11
2. Building Splunk Enterprise Architecture on Amason AWS Under 60 Minutes	59:18

Name of Video	Time
1. Security Use Case: SQL Injection Detection in Splunk	15:36

Name of Video	Time
1. Congrats: All the best for your Careers and Future Splunk learnings	00:38

Splunk SPLK-1002 Exam Dumps, Practice Test Questions

100% Latest & Updated Splunk SPLK-1002 Practice Test Questions, Exam Dumps & Verified Answers!
30 Days Free Updates, Instant Download!

$69.97

$49.99

SPLK-1002 Premium Bundle

Premium File: 144 Questions & Answers. Last update: Apr 23, 2024
Training Course: 187 Video Lectures
Study Guide: 879 Pages

Latest Questions
100% Accurate Answers
Fast Exam Updates

SPLK-1002 Premium Bundle

Premium File: 144 Questions & Answers. Last update: Apr 23, 2024
Training Course: 187 Video Lectures
Study Guide: 879 Pages

Latest Questions
100% Accurate Answers
Fast Exam Updates

$69.97

$49.99

Free SPLK-1002 Exam Questions & SPLK-1002 Dumps

File Name	Size	Votes
File Name splunk.pass4sure.splk-1002.v2024-03-29.by.iris.53q.vce	Size 320.94 KB	Votes 1
File Name splunk.testkings.splk-1002.v2021-06-20.by.nicholas.53q.vce	Size 320.94 KB	Votes 1
File Name splunk.test4prep.splk-1002.v2020-12-31.by.harper.39q.vce	Size 360.74 KB	Votes 2

Splunk SPLK-1002 Training Course

Want verified and proven knowledge for Splunk Core Certified Power User? Believe it's easy when you have ExamSnap's Splunk Core Certified Power User certification video training course by your side which along with our Splunk SPLK-1002 Exam Dumps & Practice Test questions provide a complete solution to pass your exam Read More.

Designing Splunk Architecture

9. Large Enterprise Architecture review : Part 2

For simplicity's sake, this module. In this slide we'll be considering single side index or clustering. In single-side indexing or clustering, each index exchanges the data that it has received from the forwarder, so that at any point, if one indexer fails, the data can be retrieved from the other two instances. To understand how this actually works, we need to know more about replication and search factors, which we'll be covering at a later stage because of the complexity involved in choosing them and the depth of the concept of application and search factors.

Moving on Now we understand that single set clustering in Splunkexchanges data between indexes in order to overcome any data loss or disruption in our search results during the event of any indexer going down. Now we've got that clear. Let's move on further down and compare this with our Medium Architecture.If you see our medium architecture, this is our medium architecture. You can see that there are some components like the Deployment Server and Heavy Forwarder and License Manager. There are three blocks which are new in Large Enterprise.As you can see, these three components are present in the large enterprise of Splunk architecture. We all know by now that to expand the deployment of Splunk, we must have a deployment server for managing Splunk, Universal Forwards, and other Splunk components.

By having a single deployment server, we will help to reduce the complexity of managing Splunk infrastructure. Consider the example of having 200 clients and logging them individually just to change their anIP or the host name of that instance. Instead of that, you can push this configuration from the deployment server, probably in five minutes rather than logging into 200 different machines one at a time. The deployment service acts like a boss in an architecture where it talks to all the Splunk components across the architecture and tells each how to operate and what configurations are deployed on each component. We can now use Deployment Server to monitor the health of the components throughout the infrastructure. Now we understand the deployment server. Let's move on to our License Manager where we see from the architecture it keeps tabs on our licenceutilisation and can also alert based on licence violation upon reaching our thresholds as perour alert configurations for this licence usage. This functionality of the License Manager is almost identical to that of a non-cluster or clustered environment where its only function is to collect the licence usage fromall the components and keep track of the violations in the daily usage statistics of our licencesandreport them accordingly.

And we also see in this architecture that there are heavy forwarders in between UniversalForwarders and our data sources and indexes. These heavy forwarders are receiving the data from forwarders and passing it along, filtering some of the events before sending them to the indexer, where the indexes will be receiving the data from. These heavy forwards, which are passed and filtered by the heavy forwarders, are received on the indexes and stored on the indexes themselves. This is a good option and best practise to have an AV forwarder in your architecture of large deployments. It will add significant value to the Splunk architecture. By now we are familiar with the three architectures for small, medium and large enterprises. Now let us see one of the best architectures of Splunk, considering the scaled up version of large deployment.

10. Understanding clustering and High Availability in Splunk

This architecture can be considered as a scaled up version of the larger deployment which we saw in the previous tutorial. This will be one of the crazy things involving things like high availability and clustering of Splunk into your design. Since we've already gone through these scenarios of having high availability and clustering options, by now you should be aware of the benefits of having high availability and clustering options in your organization. Let's see the architecture now. Looking at Chile, it looks like a total chaos in the architecture and a lot of components, but as a Splunkarchitect you'll be able to see the beauty of Splunkflexibility and scaling up and its design. If you look carefully, there are two sites, which are Site One and Site Two. These are two sites.

In real scenarios, it will be like the main data center. This could be your doctor or Visa Recovery center. For our understanding, let us call them Site One and Site Two. The Site One components look identical to the last enterprise architecture, which we saw in our previous example. This is our site. One architecture If we just see in our previous discussion, we went through the large enterprise architecture, which is identical to our site one. It is clear that for Hillary Clinton and Cluster, we are considering only large-scale enterprise. So site one is our main data center, where all of the logs are collected using universal forward essays logs and then passed to the indexer for storage and retrieval by our AV forwarders, and the searchers do their fancy stuff like fetching data from the indexes and visualizing reporting or alerting. The same is true for Dr. or our sites, which are identical to our main site. But from this diagram we can see that some of the components, like the deployment server and the license manager, are communicating to both sides. Having a deployment server talk to all the components has a huge advantage of managing the configuration in one place.

It talks to all the components like searches, indexes, avoidances and the data sources. Similarly, we know from our previous modules that License Manager talks to all the indexes that are present in Side One, Site Two, or in any other site of your architecture to keep track of the license utilization. Since it has very limited functionality, we can make it a cluster master. Also, we can use the licence server itself to function alongside as a Cluster Master, which takes care of making sure that the data has been copied or replicated to the other side and vice versa. The function of Cluster Master can be clubbed with that of a deployment server or License Manager. Although it is not recommended by Spelunk, it doesn't have much of an impact on the performance. Since the License Manager, which has very limited functionality, can also be made a Cluster Master, it is also the Cluster Manager's responsibility to ensure that the replication and search factors are met between the cluster or the cluster members and that the cluster is stable. The health of the cluster can also be monitored from the cluster master. To conclude, let us go through some scenarios where multisite clustering will add value. Let's say one of the indexes in my main index goes down. So what happens? There is still data between the two indexes, which should be more than enough. If you have configured the replication factor, two will come to this replication factor and such factors and how they influence the cluster and the storage and the high availability part. Let's say we have two copies of the data here.

So if one indexer goes down, there is a very good chance that these two indexes can give you the results without any impact. Let's say one of the searches goes down as a second scenario. If it is a highly critical one and it is clustered into ourDry, we can access our Dry searchers and continue with our dashboard reports or alerting. Whatever it was, it should operate without any issues. Similarly, if it is a dedicated searcher, like it handles premium map which is configured only on one searcher and it has not been clustered, the impact will be the alerts or the scheduled searches which are configured on this searcher will not be running anymore. If it has been clustered into our global site, it will be subject to scheduled searches and alerts generated by our searcher on the site. Two. In the third scenario, let us consider there are two indexes going on. In that case, our search will be impacted. We will not be getting 100% of the results from the main site indexes, but if we make the same searches point to these indexes, they will be able to retrieve 100% of the data even though these two indexes are down.

So at any given point of time, either these three indexes or these three indexes should be able to serve you with 100% of the results. And in the fourth scenario, the deployment server goes down. Consider the deployment server goes down, which doesn't have a slave in this architecture, like it doesn't have a failure. But for the deployment server, there is a reason why it stands out from the regular architecture. If you see it, it stands somewhere in the middle just communicating to all the servers. But if you see, if the deployment server goes down, there is no functional impact on our Splunkarchitecture because it just makes sure that all the instances are up and you'll be able to modify configuration, restart them, and make sure the new configurations are deployed. These kinds of scenarios whereas even if it fails, the searcher indexes and heavy folders will have a local copy of their configuration and will continue to function normally. In the case of a deployment server going down, let's say you're not able to bring up the server. Make sure to restore the backup into the new VM and you'll be able to assign the same IP and the deployment server should be up within a matter of no time. By understanding all this architecture and the benefits, you should be able to design one of the best fit architectures for your organization.

11. Hardware Requirements for Splunk Architecture

As part of our journey of designing the best architecture for our organization, The next step is to understand the hardware specifications required for our Splunk components. The link specified here in the document should be able to take you directly there. Let me show you the contents of this so that you will have a better understanding. These are the hardware recommendations that are recommended by Splunk. The link should be able to take you directly into the requirements page, which shows the recommended hardware specification. These are for the Unix operating system. Now let us go through them one by one. Let us start by looking at the search perspective. Depending on, let's say, small, medium, or large enterprise. The number of courses for Splunk varies from two to 64 courses at 2GB depending upon the size of the architecture.

It's like a twelve-course for small enterprises and a 64-core for large enterprises. Because each core or it is core intensive, the more courses the better for the search. The search ads are displayed whenever you run a search. They mainly rely on the available courses for that search. It's better to have a higher number, of course, for our searcher and looking at indexer hardware, it is highlycritical to get a minimum of more than 100 IOPS. The IOPS should be more for the indexes since the more IOPS, the better the performance of your indexer. Always remember never to compromise on IOPS, that is your input operations and input output operations per second, since it is one of the critical values for the performance of your entire Splunk environment. Moving on to the next value is storage. From our previous discussions, we know how to get an estimate of the storage for our indexes. Now we need to understand what rate level is required or recommended by Splunk to run at optimum performance. It is highly recommended to have rated for better performance,but if you are able to get our IOPS condition,we should be fine with rate five or rate six.

The next step is the RAM specification, which depends again on the size of the deployment. Depending on whether the system is small, medium, or large, the ramp can range from twelve to 64 GB, similar to the course we discussed earlier. For the scale of the deployment, it's always better to go for the maximum available ramp. Since you will notice, Splunk will be acting like a monster. It will be eating up all the resources that it can get its hands on. And this can be tuned to run at optimum performance by a Splunk admin or Splunk architect. And also, there are a couple of prerequisites for Splunk which should be taken care of as part of infrastructure provisioning or before installation. Those are U limits as per Splunk recommendations. At the OS level, there are a couple of limits that need to be specified so that our Splunk operates at optimumperformance and also SELinux, also known as Secure Linux. On the Linux platform, it should be disabled or should be made to allow Splunk to run outside of Linux and PHP, which stands for Transparent Huge Pages, which is known to cause issues while running Splunk. So it is recommended by Splunk that you disable these processes before installation.

12. Capacity Planning for your Architecture

The final step in concluding the link specified in the document should be able to take you to the official documentation where you can download this manual, which will be handy while finalising the architecture. Let us go through this link. So this is one of the links that are very useful while you are at the final stage of your Splunk architecture. This manual is known as the Capacity Planning manual. You can click to download this manual as a PDF. Make sure you're clicking on the top because if you download this, you will probably end up just getting the first page of the documentation on this topic. So make sure you click on Download ManualAspedia so that you get the complete manual. So this is our Capacity Planning Manual, which will be very handy while finalising our Splunk architecture. And we have seen in our previous discussion what the licence set, number of indexes required, number of searches, number of AV formers, whether to have a deployment server, licence manager, and also the hardware requirements like RAM, CPU, IO required for each component of our Splunk, the storage requirements for indexes, and IOPS. We will summarise all this and finalise the best fit architecture for the organization. Remember always that IOPS should be greater than 200. The RAM can vary from twelve to 64 GB based on the size of the architecture and, of course, the better for the searchers.

Prepared by Top Experts, the top IT Trainers ensure that when it comes to your IT exam prep and you can count on ExamSnap Splunk Core Certified Power User certification video training course that goes in line with the corresponding Splunk SPLK-1002 exam dumps, study guide, and practice test questions & answers.

Comments (0)

Add Comment

Please post your comments about SPLK-1002 Exams. Don't share your email address asking for SPLK-1002 braindumps or SPLK-1002 exam pdf files.