Book Image

Splunk 9.x Enterprise Certified Admin Guide

By : Srikanth Yarlagadda
Book Image

Splunk 9.x Enterprise Certified Admin Guide

By: Srikanth Yarlagadda

Overview of this book

The IT sector's appetite for Splunk and skilled Splunk developers continues to surge, offering more opportunities for developers with each passing decade. If you want to enhance your career as a Splunk Enterprise administrator, then Splunk 9.x Enterprise Certified Admin Guide will not only aid you in excelling on your exam but also pave the way for a successful career. You’ll begin with an overview of Splunk Enterprise, including installation, license management, user management, and forwarder management. Additionally, you’ll delve into indexes management, including the creation and management of indexes used to store data in Splunk. You’ll also uncover config files, which are used to configure various settings and components in Splunk. As you advance, you’ll explore data administration, including data inputs, which are used to collect data from various sources, such as log files, network protocols (TCP/UDP), APIs, and agentless inputs (HEC). You’ll also discover search-time and index-time field extraction, used to create reports and visualizations, and help make the data in Splunk more searchable and accessible. The self-assessment questions and answers at the end of each chapter will help you gauge your understanding. By the end of this book, you’ll be well versed in all the topics required to pass the Splunk Enterprise Admin exam and use Splunk features effectively.
Table of Contents (17 chapters)
Part 1: Splunk System Administration
Part 2:Splunk Data Administration
Chapter 12: Self-Assessment Mock Exam


In conclusion, roles, users, and authentication methods all together secure a Splunk Enterprise instance. We started by gaining an understanding of users. They are the primary entities that do the required actions and executions on the Splunk platform. Users can be either administrators (admins) or general users who will be created by the admin. We went through the creation of a new user through the Splunk Web interface and the Splunk CLI. Afterward, we looked into what a role has to offer for a user.

Splunk follows the RBAC approach. Roles are created and managed by system administrators. Splunk offers default roles, and they can be extended by inheriting them through the new role creation process.

Assigning a user to a specific role is a commonly used solution in Splunk to restrict their access to certain actions, limit their consumption of resources, and control their access to indexes. Roles in Splunk allow for fine-grained permissions management, ensuring that users...