6 hours 3 minutes
Hello, Cybrarians, and welcome to the Splunk Enterprise Certified Administrator course. My name is Anthony for Condo, and I will be the instructor for this course. It's a little bit of background information about me before we proceed with some of the information about the course itself.
I have been working in the cybersecurity industry for
about four years now. I started out by getting my master's degree from Temple University in cybersecurity. From there I joined a security operations center working as an analyst, where I worked primarily with SIEM tools, including Splunk, QRadar, LogRhythm, ArcSight and a few others as well.
From there, I moved into a content development position where
I basically just developed the rules that different SIEMs would use to detect potential attackers in a corporate network. And then, after that position, I moved into a SIEM engineering position where I worked primarily with Splunk
doing more of the architecting and configuring of the SIEM versus
front end type work.
From that position, I moved into a *** professional services consulting position, so I had to go through some pretty extensive training and earn a bunch of Splunk certifications, including their user, power user, administrator, architect and consultant certifications.
And then I have a couple of accreditations as well.
In addition to all that, I also have a few industry certifications like CompTIA Security+ and the CISSP.
I put my contact information on this slide here for LinkedIn or email. So if at any point during this course you need to contact me or you have some questions, you can feel free to reference this and send me a message and I'd be happy to help any way that I can.
But that's enough information about me, so we'll move on into the actual course. So before we get started with the course, we should figure out: well, what are the prerequisites? Should I be here or not? So before you take this course, ideally you should have one or more years of Splunk experience
because we're not going to be talking about
the earlier stages of Splunk knowledge like the user and power user. So, like basic search and basic functionality of Splunk, we're going to skip over that, assuming that you already have it. And part of the reason for that is because you should already have your power user certification, as that is a prerequisite
for the administrator.
And then in addition to that knowledge, you should have basic system and network administration knowledge, because a lot of the labs that we're gonna do later will require some basic command line knowledge for Linux, and the data ingestion mechanisms will
require a little bit of knowledge about basic networking and, you know, how to get data from one place to another.
So that information will be helpful to basically keep the labs from feeling overwhelming and allow you to focus on the Splunk-focused content versus adjacent technologies.
So the learning objectives for the course. So obviously, first and foremost, we're gonna cover all of the exam requirements to pass the enterprise admin test. So when you've done this course, you should be able to take the exam and pass and become an enterprise admin.
But in addition to that, we'll also cover all of the Splunk components, give you an understanding of what they are and what they're responsible for and when to deploy a given component. We'll talk about how to configure Splunk through its configuration files and where to place the configuration files. And also,
how to do some of those configurations
in, or via, Splunk Web as well. And then we'll teach you how to use the deployment server to manage the configurations on your forwarders. And then we will also walk you through the process of bringing data into Splunk through a various number of ingestion methods.
So by the time you're done, you should be able to bring that in from just about anywhere.
So who is this course for? So the target audience is going to be, as I mentioned earlier, current Splunk power users, because that is a prerequisite for the enterprise admin exam. And then also the other group of people, or the same group of people really, will be future certified admins. So if you're looking to
further your career in Splunk and you want to become a certified admin, this course is for you.
So as far as the syllabus, this is gonna give you the high level overview of what we're gonna be covering through this course. So there's gonna be 10 modules ranging from the overview, the admin basics, licensing, distributed search, configuration files, indexing, user management, forwarders,
getting data in and then tuning your inputs.
And so this basically just follows first giving you a high level overview of what Splunk is and then goes into the specifics, from getting your license, configuring Splunk so that it's ready to receive data and then making sure they have users, that they can access the data, and then the actual data lifecycle of
getting data from a forwarder
to Splunk and basically what that process looks like. So I tried organizing the course from that perspective of first giving you a high level understanding of Splunk and then walking you through a step by step, basically, in order of how these things need to be set up for Splunk to work, so that it feels more cohesive as you go.
And if you reference the syllabus, you can also see the
individual lessons that'll make up each of these high level modules for a more detailed breakdown of the course.
So, speaking of the syllabus and course materials, there's a resources tab for this course where you can find your syllabus, glossary, the references that I'll be making throughout the course. And then also, just so you know, there will be a very heavy use of labs throughout this course
just because I think that that's the most effective way to really
drive home a lot of the concepts that we're gonna be talking about and make sure that you know how to do them in practice.
So that covers everything for the introduction to the course. So I will see you in the next video where we will jump into the overview, of course.