Book Image

Splunk 9.x Enterprise Certified Admin Guide

By : Srikanth Yarlagadda
Book Image

Splunk 9.x Enterprise Certified Admin Guide

By: Srikanth Yarlagadda

Overview of this book

The IT sector's appetite for Splunk and skilled Splunk developers continues to surge, offering more opportunities for developers with each passing decade. If you want to enhance your career as a Splunk Enterprise administrator, then Splunk 9.x Enterprise Certified Admin Guide will not only aid you in excelling on your exam but also pave the way for a successful career. You’ll begin with an overview of Splunk Enterprise, including installation, license management, user management, and forwarder management. Additionally, you’ll delve into indexes management, including the creation and management of indexes used to store data in Splunk. You’ll also uncover config files, which are used to configure various settings and components in Splunk. As you advance, you’ll explore data administration, including data inputs, which are used to collect data from various sources, such as log files, network protocols (TCP/UDP), APIs, and agentless inputs (HEC). You’ll also discover search-time and index-time field extraction, used to create reports and visualizations, and help make the data in Splunk more searchable and accessible. The self-assessment questions and answers at the end of each chapter will help you gauge your understanding. By the end of this book, you’ll be well versed in all the topics required to pass the Splunk Enterprise Admin exam and use Splunk features effectively.
Table of Contents (17 chapters)
Part 1: Splunk System Administration
Part 2:Splunk Data Administration
Chapter 12: Self-Assessment Mock Exam

Authentication methods

Authentication methods are the ways a user is validated when an attempt is made to log in to a Splunk Enterprise instance. Splunk could either deny or allow access to the respective user. Successfully authenticated users will be authorized to access resources and perform actions according to the roles assigned to the user. A user with no role can’t log in to a Splunk instance, so at least one role must be assigned to the user at the time of user creation.

Splunk supports multiple authentication methods, which is beneficial for organizations due to various reasons. Firstly, compliance requirements may mandate the implementation of multi-factor authentication (MFA) to enhance security, and Splunk provides support for MFA to meet these requirements. Secondly, internal employees of organizations can utilize the single sign-on (SSO) feature offered by Splunk, enabling them to log in without having to enter separate user credentials. This streamlines the...