#Random
This is a place to discuss all things outside of Splunk, its products, and its use cases.

Need some topics to prepare for my splunk interview

Rocky31
Path Finder

Please help me out anyone, need these topics to learn.
Onboarding
syslog-ng
architecture
networking

Tags (1)
0 Karma
1 Solution

mattymo
Splunk Employee
Splunk Employee

Based on what you have advised, I would recommend spinning up your own environment in aws or in a home lab that allows you to start building up those hands on hours.

I would recommend starting something simple like a non clustered deployment, focusing on ingesting as many data sources as you can get your hands on, deploying forwarders and managing them with the deployment server, and deploying a forwarder with syslog-ng to catch syslog and filter it to it's own directories. There are many articles online on how to do this with syslog-ng or rsyslog. (https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk/)

Perhaps work toward Something like this :

alt text

The once you have played with that for a while, then level it up to a single site cluster (unless you know for sure that the job doesn't run a cluster, in that case spend more time playing in your topology above):

alt text

In this topology, you will focus on the indexer cluster, the cluster master and how replication and search factor work

Then if you are feeling adventurous go for the multisite with a search head cluster:

alt text

All these adventures are chronicled in detail in Splunk Docs in the Deploy and Admin guides. I'd be reading that and trying the main topics constantly till the interview.

https://docs.splunk.com/Documentation/Splunk

Spending time using the software is what will set you apart from others and give you confidence and experience to draw upon, so find a project you can really dig into as it will provide you with the experience that will impress. And don't neglect working with the data and the search language! The best Splunk admins are curious by nature and love to get to know their data.

- MattyMo

View solution in original post

mattymo
Splunk Employee
Splunk Employee

Based on what you have advised, I would recommend spinning up your own environment in aws or in a home lab that allows you to start building up those hands on hours.

I would recommend starting something simple like a non clustered deployment, focusing on ingesting as many data sources as you can get your hands on, deploying forwarders and managing them with the deployment server, and deploying a forwarder with syslog-ng to catch syslog and filter it to it's own directories. There are many articles online on how to do this with syslog-ng or rsyslog. (https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk/)

Perhaps work toward Something like this :

alt text

The once you have played with that for a while, then level it up to a single site cluster (unless you know for sure that the job doesn't run a cluster, in that case spend more time playing in your topology above):

alt text

In this topology, you will focus on the indexer cluster, the cluster master and how replication and search factor work

Then if you are feeling adventurous go for the multisite with a search head cluster:

alt text

All these adventures are chronicled in detail in Splunk Docs in the Deploy and Admin guides. I'd be reading that and trying the main topics constantly till the interview.

https://docs.splunk.com/Documentation/Splunk

Spending time using the software is what will set you apart from others and give you confidence and experience to draw upon, so find a project you can really dig into as it will provide you with the experience that will impress. And don't neglect working with the data and the search language! The best Splunk admins are curious by nature and love to get to know their data.

- MattyMo

mattymo
Splunk Employee
Splunk Employee

Hi Rocky31,

Can you tell us more about your Splunk experience and what role you are applying for? It will help direct you to relevant info. Have you completed any Splunk training? When you say Splunk interview, are you applying for a Splunk admin role? What kind of industry?

Otherwise Google is your best friend. Review the Splunk docs especially the Architecting and Admin manuals.
https://docs.splunk.com/Documentation/Splunk

And googling Splunk and syslog will yield plenty of material.

Starcher's syslog blog us one of my favs:
http://www.georgestarcher.com/splunk-success-with-syslog/

- MattyMo
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...