Please help me out, anyone. I need to learn these topics:
Onboarding
syslog-ng
architecture
networking
Based on what you have advised, I would recommend spinning up your own environment in AWS or in a home lab that allows you to start building up those hands-on hours.
I would recommend starting with something simple like a non-clustered deployment, focusing on ingesting as many data sources as you can get your hands on, deploying forwarders and managing them with the deployment server, and deploying a forwarder with syslog-ng to catch syslog and filter it to its own directories. There are many articles online on how to do this with syslog-ng or rsyslog. (https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk/)
Perhaps work toward something like this:
Then, once you have played with that for a while, level it up to a single-site cluster (unless you know for sure that the job doesn't run a cluster; in that case, spend more time playing in your topology above):
In this topology, you will focus on the indexer cluster, the cluster master, and how replication and search factor work.
Then, if you are feeling adventurous, go for the multisite with a search head cluster:
All these adventures are chronicled in detail in Splunk Docs in the Deploy and Admin guides. I'd be reading that and trying the main topics constantly till the interview.
https://docs.splunk.com/Documentation/Splunk
Spending time using the software is what will set you apart from others and give you confidence and experience to draw upon, so find a project you can really dig into as it will provide you with the experience that will impress. And don't neglect working with the data and the search language! The best Splunk admins are curious by nature and love to get to know their data.
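As an added example of the "catch syslog and filter it to its own directories" step (this is not code from the post above or from the linked Splunk blog), here is a syslog-ng configuration that listens on the standard syslog ports, routes messages by sending host into a per-device-class, per-host, per-day directory tree, and leaves that tree for a Splunk forwarder to monitor. The `/var/log/syslog-ng` base path, the `fw-`/`sw-` host naming convention, the `splunk` user and group, and the version line are assumptions for the example; match them to your own lab.

```conf
@version: 3.38
@include "scl.conf"

options {
    keep-hostname(yes);   # keep the device's own name from the message header in $HOST
    use-dns(no);          # no blocking DNS lookups on the collector
    create-dirs(yes);     # build the per-host directory tree on first write
    dir-perm(0750);
    perm(0640);
    owner("splunk");      # assumed: the forwarder reads the files as user/group "splunk"
    group("splunk");
};

# Listen on the standard syslog ports (assumed; adjust to what your devices send).
source s_network {
    network(transport("udp") port(514));
    network(transport("tcp") port(514));
};

# Route by sending host. The "fw-" and "sw-" prefixes are constructed for this example.
filter f_firewall { host("^fw-"); };
filter f_switch   { host("^sw-"); };

# One line format for every file: timestamp, host, program[pid]: message.
template t_line { template("${ISODATE} ${HOST} ${MSGHDR}${MSG}\n"); };

# One directory per device class, one subdirectory per host, one file per day.
destination d_firewall {
    file("/var/log/syslog-ng/firewall/$HOST/$YEAR-$MONTH-$DAY.log" template(t_line));
};
destination d_switch {
    file("/var/log/syslog-ng/switch/$HOST/$YEAR-$MONTH-$DAY.log" template(t_line));
};
# Anything unmatched is still written, so a new device shows up instead of being dropped.
destination d_other {
    file("/var/log/syslog-ng/other/$HOST/$YEAR-$MONTH-$DAY.log" template(t_line));
};

# flags(final) stops a message after its first match so it lands in exactly one tree.
log { source(s_network); filter(f_firewall); destination(d_firewall); flags(final); };
log { source(s_network); filter(f_switch);   destination(d_switch);   flags(final); };
log { source(s_network); destination(d_other); };
```

On the forwarder, each tree gets its own `inputs.conf` stanza, for example `[monitor:///var/log/syslog-ng/firewall]` with `host_segment = 5` so Splunk takes the host from the fifth path segment (the `$HOST` directory) rather than from the collector's own hostname, plus a `sourcetype` and `index` that fit that device class. Two caveats worth checking in a lab: `keep-hostname(yes)` trusts the hostname a device puts in its own header, so restrict which networks can reach port 514, and syslog-ng never deletes old daily files, so add a retention job (logrotate or a scheduled `find -mtime`) before the disk fills.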
Hi Rocky31,
Can you tell us more about your Splunk experience and what role you are applying for? It will help direct you to relevant info. Have you completed any Splunk training? When you say Splunk interview, are you applying for a Splunk admin role? What kind of industry?
Otherwise Google is your best friend. Review the Splunk docs especially the Architecting and Admin manuals.
https://docs.splunk.com/Documentation/Splunk
And googling Splunk and syslog will yield plenty of material.
Starcher's syslog blog is one of my favs:
http://www.georgestarcher.com/splunk-success-with-syslog/