Book Image

Splunk 9.x Enterprise Certified Admin Guide

By : Srikanth Yarlagadda
Book Image

Splunk 9.x Enterprise Certified Admin Guide

By: Srikanth Yarlagadda

Overview of this book

The IT sector's appetite for Splunk and skilled Splunk developers continues to surge, offering more opportunities for developers with each passing decade. If you want to enhance your career as a Splunk Enterprise administrator, then Splunk 9.x Enterprise Certified Admin Guide will not only aid you in excelling on your exam but also pave the way for a successful career. You’ll begin with an overview of Splunk Enterprise, including installation, license management, user management, and forwarder management. Additionally, you’ll delve into indexes management, including the creation and management of indexes used to store data in Splunk. You’ll also uncover config files, which are used to configure various settings and components in Splunk. As you advance, you’ll explore data administration, including data inputs, which are used to collect data from various sources, such as log files, network protocols (TCP/UDP), APIs, and agentless inputs (HEC). You’ll also discover search-time and index-time field extraction, used to create reports and visualizations, and help make the data in Splunk more searchable and accessible. The self-assessment questions and answers at the end of each chapter will help you gauge your understanding. By the end of this book, you’ll be well versed in all the topics required to pass the Splunk Enterprise Admin exam and use Splunk features effectively.
Table of Contents (17 chapters)
Part 1: Splunk System Administration
Part 2:Splunk Data Administration
Chapter 12: Self-Assessment Mock Exam


A Splunk Enterprise instance, as discussed in previous chapters, offers a variety of interfaces—namely, Splunk Web, the Splunk CLI, and RESTful APIs. All the interfaces must be secured by allowing users to log in securely through authentication and authorization. The authentication methods are explained at the very end of the chapter. Organizations can effectively manage user authorization by configuring roles, capabilities, object-level permissions, and Role-Based Access Control (RBAC) to align with individual users’ job responsibilities. Users are then able to perform administrative tasks (privileged users) or general user tasks (the creation of reports, alerts, dashboards, and so on) depending on the Splunk role assigned to them. A user must be assigned at least one role in Splunk. The following screenshot shows user management menu items on the Splunk Web home page, under Settings:

Figure 3.1: Splunk users and authentication management

Figure 3.1: Splunk users and authentication management...