Splunk Series III: System Administrator Class (Splunk Deployment)

As I continue being exposed to Splunk in the wild as well as in class 🙂 – I decided to write a bit on the class that I just took.

The System Administrator Class

This class is one of the many requirements to become a Splunk Certified Architect, which is what I’m going for in the next couple of months. This class, along with the Data Administration one, is required in order to take the Administration exam.

The topics

  • Splunk Deployment Overview
  • License Management
  • Splunk Applications
  • Splunk Configuration Files
  • Splunk Indexers
  • Splunk Index Management
  • Splunk User Management
  • Distributed Search and Drag

The class is very nice and the instructor was very knowledgeable; I appreciate that he was very detailed. As in their Fundamentals on-demand classes, you get a glimpse of the installation and of the components of the solution. I was very impressed by how the solution really scales up to provide excellent visibility into the data. At some point I was thinking about how many software engineers they have assigned to the support of the product.

The 4 stages of a Splunk deployment

Splunk can be deployed as a standalone server or as a distributed server infrastructure. The four stages are:

  • Input any text data
  • Parse the data into events
  • Index and store events
  • Search and report

A basic deployment of Splunk

This is very similar to a standalone server, which you would use to test and practice search queries. In this basic deployment, however, there is one more component: forwarders. You manage those forwarders (production servers) from your Splunk installation.

A distributed deployment

This is where things start to scale, and there are many reasons why you would configure a distributed deployment in the first place: the size of your data, the number of forwarders, the users accessing the data, and so on.
In a nutshell, you guessed it, the 4 stages can be distributed to different servers, sharing the load of the functions.

What is next?

Next I will break down the functions of each of the servers/services required for a distributed deployment.

About the Author:

Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 15 years of experience, Andres is specialized in Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.

You can follow Andres using Twitter, LinkedIn or Facebook

1 thought on “Splunk Series III: System Administrator Class (Splunk Deployment)”

  1. And what about the respect for copyright? All these images, directly stolen from screenshots of Splunk education materials.
    I would think you read the disclaimer when you attended these courses, no?
    Do you plan to give money back to the curriculum developers and instructors working at Splunk for this?
    You are being watched.
