1 - Splunk Server Deployment

• Provide an overview of Splunk
• Identify Splunk Enterprise components
• Identify the types of Splunk deployments
• List the steps to install Splunk
• Use Splunk CLI commands

2 - Splunk Server Monitoring

• Enable the Monitoring Console (MC)
• Identify Splunk license types
• Describe license violations
• Add and remove licenses
• Use Splunk Diag

3 - Splunk Apps

• Describe Splunk apps and add-ons
• Install an app on a Splunk instance
• Manage app accessibility and permissions

4 - Splunk Configuration Files

• Describe Splunk configuration directory structure
• Understand configuration layering process
• Use btool to examine configuration settings

5 - Splunk Indexes

• Learn how Splunk indexes function
• Identify the types of index buckets
• Add and work with indexes
• Overview of metrics index

6 - Splunk Index Management

• Review Splunk Index Management basics
• Identify data retention recommendations
• Identify backup recommendations
• Move and delete index data
• Describe the use of the Fishbucket
• Restore a frozen bucket

7 - Splunk User Management

• Add Splunk users using native authentication
• Describe user roles in Splunk
• Create a custom role
• Manage users in Splunk

8 - Configuring Basic Forwarding

• Identify forwarder configuration steps
• Configure a Universal Forwarder
• Understand the Deployment Server

9 - Distributed Search

• Describe how distributed search works
• Define the roles of the search head and search peers