If you email me we can discuss live assistance with subject matter review or live exercises. I've been running a fairly big, completely distributed cluster with community, Splunk Inc., and Premium add-ons for years; 90% security/10% ops focus.
DustinMcCoyEE@gmail.com ~NorthEast SATX
...Oh yeah, you got all the certs; LMK if you ever want to brainstorm actuals ~live.
I'm just now doing the introductory training, but if this would be an online event, I'd be interested in attending any "learning sessions." I have a home lab and plan to work on production systems soon; please keep me in the loop and I can add value when I can.
First and foremost, welcome to the San Antonio Splunk Usergroup! We are excited to see new members jumping in to get their hands dirty with Splunk. There are some great resources available for folks going through their Splunk inauguration. Attached to this post I have shared Splunk's Fast Start Program. This is a brief PDF outlining the different courses available through Splunk Education to get you and your team up and running. I got my start with Splunk running through their self-taught and eventually virtual classes and can't recommend them enough. You can also check out the other courses available from Splunk Education here: https://www.splunk.com/en_us/training.html?sort=Newest
As always, if you have any specific topics you'd like some assistance with please post here on these forums and we can all try and tackle the problem together. I look forward to meeting you and discussing things further as we grow the San Antonio Splunk User Group together!
Thank you, Charles! I just recently passed my core user and power exams. I'm having difficulty with the advanced power user, so I was looking to learn from experienced San Antonio Splunk experts to grow myself and be a person to grow our community as well. If you have any recommendations, shoot them my way. Once again, thank you, and I look forward to an involved San Antonio Splunk UserGroup. If you're able to let me shadow in person, I'm all for it. I live on the SeaWorld side of town.
Nothing wrong with that. Without specific questions, all I can really recommend is reading the Splunk Docs pertaining to the specific questions you have. There are a plethora of .conf talks out there about many of these topics too. Some of them are a bit dated, but their theories still ring true.
Can you explain ingesting the data to the indexers from the forwarders, the process with using Linux and instances? Are you going to the meetup on Tuesday for the San Antonio Splunk Community?
Do you have 2 services in play only or distributed?
UF/HF forwarding~inputs.conf->outputs.conf (egress TCP/UDP ethereal)
IDX reception~inputs.conf (ingress TCP ~9997 default)
Deployment Server / Forwarder Management ~ serverclass.conf [for above or distributed multiples of above] (ingress TCP 8089 default)
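
The forwarder-to-indexer path outlined in the last post, written out as a minimal set of configuration stanzas. This is an added example, not part of the thread or any participant's configuration; the hostnames, monitored path, index, sourcetype, server class and app name are constructed placeholders.

```ini
# ---- Forwarder (UF/HF): inputs.conf ----
# What to collect on the Linux host. Path, index and sourcetype are
# constructed; the index must already exist on the indexers.
[monitor:///var/log/secure]
index = os_linux
sourcetype = linux_secure
disabled = 0

# ---- Forwarder (UF/HF): outputs.conf ----
# Where to send what inputs.conf collected.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Constructed hostnames; the forwarder load-balances across the list.
server = idx1.example.com:9997, idx2.example.com:9997

# ---- Indexer: inputs.conf ----
# Listen for forwarder traffic on the default receiving port.
[splunktcp://9997]
disabled = 0

# ---- Forwarder: deploymentclient.conf ----
# Phone home to the deployment server's management port.
[deployment-client]

[target-broker:deploymentServer]
targetUri = ds.example.com:8089

# ---- Deployment server: serverclass.conf ----
# Push the app that carries the outputs.conf above to matching clients.
[serverClass:linux_forwarders]
whitelist.0 = *

[serverClass:linux_forwarders:app:org_all_forwarder_outputs]
restartSplunkd = true
```

With this layout the indexers need to accept inbound TCP 9997 only from the forwarders, and the deployment server inbound TCP 8089 only from its clients, so host firewall rules can be scoped to those sources.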