Splunk troubleshooting Training

pacifikn
Communicator

Greetings!!

Need your advice and opinions on the following points:

- What training can I take to master Splunk admin troubleshooting issues and complete the admin training package?

- Is there a way to set up or have a simulator that can help a team or someone to have a test environment to practice more on Splunk troubleshooting, and not the live environment? Is there any advice on this, to still be able to play with the simulator, or on how to set up the test environment?

Kindly need your advice on these. Thank you in advance.

0 Karma
1 Solution

gcusello
SplunkTrust

Hi @pacifikn,

About training, there are some free courses at https://www.splunk.com/en_us/training/free-courses/overview.html ; in addition, I recommend the Search Tutorial (https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchTutorial/WelcometotheSearchTutorial), which is very useful.

In addition, you can find all the Splunk certification paths at https://www.splunk.com/en_us/training.html?sort=Newest

My suggestion is to follow the certification paths for Power User, then Admin and then eventually Architect, but you have to follow many courses!

No, there isn't an environment to use for troubleshooting; you could create a test environment, as similar as possible to your production environment, and use it for testing.

Ciao.

Giuseppe


PickleRick
SplunkTrust

Well, the troubleshooting is often the most annoying part of any solution administration and is difficult to "teach". Mostly because troubleshooting is what you need to do when something does not go as it should, which means that either the external environment does something you'd not expect or you yourself did something wrong (my "favourite" mistake - mistyping "pass4SymmKey" as "pass4SymKey").

That's why troubleshooting expertise comes mostly with experience. Broad experience with various IT solutions helps as well.

Of course every IT solution has its own "typical first steps" to troubleshooting, which vary between the different solutions. In the case of Splunk it would probably be some simple checklist like: check your btool output, check your connectivity, trim your search...

But still you need to understand what you're troubleshooting. Otherwise you're not really troubleshooting as such but just performing a playbook.

So get your User/Admin training, start working with Splunk and it will come. After you learn the basics of Splunk on an all-in-one installation, try doing a distributed environment install. After that add a mutual-TLS layer. Each of those adds additional points where something can go wrong.

Just do it 🙂

0 Karma
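An added example, not part of the thread and not Splunk code, of catching the kind of mistake mentioned above (`pass4SymKey` instead of `pass4SymmKey`) in a test environment. `KNOWN_KEYS` is a partial list assumed for the example and the configuration text is constructed; on a real instance `splunk btool check` is the product's own check for unknown settings.

```python
import difflib

# Partial list of server.conf setting names, assumed for this example only.
KNOWN_KEYS = {
    "pass4SymmKey", "serverName", "sslPassword",
    "mode", "replication_factor", "search_factor",
}

# Constructed sample, not taken from a real deployment.
SAMPLE_CONF = """\
# lab indexer
[general]
serverName = idx-test-01
pass4SymKey = placeholder-secret

[clustering]
mode = peer
replication_factor = 3
custom_note = lab
"""


def find_suspect_keys(conf_text, known=KNOWN_KEYS, cutoff=0.85):
    """Return (line, stanza, key, suggestion) for keys that are not known
    but are nearly identical to a known key, i.e. probable typos.
    Only key names are returned, never values, so secrets stay out of output."""
    findings = []
    stanza = None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
            continue
        if "=" not in line:
            continue
        key = line.split("=", 1)[0].strip()
        if key in known:
            continue
        close = difflib.get_close_matches(key, sorted(known), n=1, cutoff=cutoff)
        if close:  # unknown keys with no near match are left alone
            findings.append((lineno, stanza, key, close[0]))
    return findings


if __name__ == "__main__":
    for lineno, stanza, key, hint in find_suspect_keys(SAMPLE_CONF):
        print(f"line {lineno} [{stanza}]: '{key}' looks like '{hint}'")
```
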


pacifikn
Communicator

Dear @gcusello ,

Is there any guidance on how to create a test environment step by step, or can you advise me? Here I think we'll use a single instance deployment?

- Is it possible that you can do this test environment and work as production for free?

- What Splunk Enterprise and Splunk Enterprise Security can we use for a testing environment? Free Splunk Enterprise is limited to 500MB only and I don't what to use so that you can do the test environment which can be similar to the production. What am I required to have? And how to do it?

Kindly guide me on this, as I want to create a test environment similar to the production.

Thank you in advance!!

Thank you

0 Karma

gcusello
SplunkTrust

Hi @pacifikn,

There isn't any guideline for test environments because they are usually similar to the production environment, to recreate the same conditions as the production environment: e.g. if you have an indexer cluster, you should also have an indexer cluster in the test environment, obviously with less storage, fewer resources and fewer clients.

If instead you're speaking of a development environment, you can also have a standalone server, or eventually also use your workstation, because Splunk Enterprise guarantees portability of applications.

To simulate load conditions a free license probably isn't sufficient, so you should ask Splunk for a development license; for more information see:

https://docs.splunk.com/Documentation/Splunk/8.2.4/Admin/TypesofSplunklicenses#Splunk_developer_lice... 

https://dev.splunk.com/enterprise/dev_license/ 

https://splunkbase.splunk.com/develop/ 

https://www.splunk.com/en_us/resources/personalized-dev-test-licenses/faq.html 

Ciao.

Giuseppe

0 Karma