Student Feedback
SPLK-2002: Splunk Enterprise Certified Architect Certification Video Training Course Outline
Introduction to Splunk & Set...
Getting started with Splunk
Splunk Architecture
Forwarder & User Management
Post Installation Activities
Security Primer
Distributed Splunk Architecture
Indexer Clustering
Search Head Clustering
Advanced Splunk Concepts
Introduction to Splunk & Setting Up Labs
SPLK-2002: Splunk Enterprise Certified Architect Certification Video Training Course Info
Gain in-depth knowledge for passing your exam with Exam-Labs SPLK-2002: Splunk Enterprise Certified Architect certification video training course. The most trusted and reliable name for studying and passing with VCE files which include Splunk SPLK-2002 practice test questions and answers, study guide and exam practice test questions. Unlike any other SPLK-2002: Splunk Enterprise Certified Architect video training course for your certification exam.
Introduction to Splunk & Setting Up Labs
6. Data Persistence for Container Volumes
Hey everyone and welcome back. In today's video, we will be discussing the data persistence for these Splunk containers. Now, typically for testing environment, even in theearlier videos that we were discussing, we usedto have a single docker container. A single Docker container means that both the process and the data are contained within the single Docker container. So ideally for testing, it might be okay,but you might not get data persistence. So if in case you restart,your data might be lost there. So for a production environment, this type of setup is not at all recommended because typically, let's say you are running a backup tool that backups all of your Splunk data every 24 hours. You don't want to install thebackup tool inside your docker container. So in production, what should be the approach isthat your process and your data should be separate. So your process should be inside the docker containerprocess and all the relevant libraries and dependencies. However, the data part, whatever data which hasbeen stored, it should be mounted back tothe host volume or any external volume likeNas or even EFS that you might have. So this is the ideal way. So what happens here is that even though if thisprocess terminates or there is some issue related to theprocess, your volume or your data will still be preserved. So even if your docker container gets exited oreven if your docker container gets removed, your data,the main data that you have still gets preserved. So this is the ideal way of doing things andwe'll be discussing how to do it in this video. So, what I have done is Ihave created a simple docker run command. Now, this is very similar to the earlier docker command that we used to use during installation. The only added part is this one. All right? So this is what we're doing is if we runthis command, this is for volume, a new volume, anew docker volume will be created call as optslunk etc. inside the host. So if I would have to share you. So this opt at TC, this volume we created on thehost and it will be mounted to the opt splunk etc.Of the splunk container. And same for the VAR, you have optsplunk and it will be associated with optsplunk of the splunk docker container. So let's do one thing. Let me quickly copy this command and I'll runit inside a Linux server that I have andwe'll look into what exactly it does. All right, so this commandhas been executed successfully. And if you do a docker PSsplunk container is in the starting stage. Now, what a docker has done behind thescenes is it has created two volumes. So if you do a docker volume LS, you will see thatthere is one volume with the name of opt splunk etc. And there is a second volume with the name Opt Splunk Wire. Now these two volumes are here in the back end server. It is not associated inside the docker container. So go to this specific volume. So there is a specific path. As a result, the path is VAR Docker volumes. So this is the path where the volumes are stored. And if you would see thereare two volumes opt Splunk etc. And Opt splunk y. Now, if you go into Optslunk etc. There will be a directory called as Data andinside Data you will have all the data whichyou will typically find in the Splunk etc. Directory. And you will see this is all the datathat you will find in the Splunk GTC directory. Now the same goes with the war. If I go to Opt Splunk War and insidethe data, you will find all the data whichis present within the Splunk War directory. So let's try it out. Whether this actually works or not, this is something that we need to understand. So let me do a Docker PS and let's log into the container. All right. So, if I go to Optsplunket and ask for a file called test dot TXT, Alright, so I have created the file inside the container. Now let me come out of the container and I'llgo to VAR LEB docker volumes, op, Splunk etc. within the data. If you do LS, you will seethat test TXT file is present here. Now, in case your docker container exits or thereis some corruption that has happened due to whichit is not starting at all or by mistake,someone has removed the docker container. So let's try it out. So if I say docker removes plank and mount beforewe do that, we need to stop the docker container. And before we stop it, let's quickly verifywhether a Splunk is running or not. So this is the server in AWS whereI had installed a Splunk docker container. I'll copy the IP address of the serverand I'll pace it within my browser. Now, as expected, Splunk has started, and if I try to quickly login, I should be able to log in there. Great. So things are working as expected. Now, coming back to a docker command, letme just stop the Splunk mount and I'llalso remove the container by itself. so the entire container is now removed. If you quickly do a docker PS, you willsee that there is no container over here. however, even though there is no container. So what we have done is if I can quickly showyou in the slide, this specific part is not present. We have completely deleted it. But since we have put the data in thevolume, the volume is still present within the hostfile, so the data will still be present. So if you quickly want to see this, if yougo to Warlibdocker volumes, and if you do LS, youwill see, both the volumes will still be present overhere, so these volumes will not be deleted. Now, in case you want to delete the volume as well. Typically, if you want to just reinstall the entireSplunk and you don't want older data, then youcan quickly do a Docker Volume LS. These are the two volumes, and you can do aDocker Volume RM, and you can specify Opt Splunk etc. And same as Opt Splunk work. And now, if you do a Docker PS oopsDocker Volume LS, both the volume should be deleted. And even if you do LS over here, you willsee both the directories which were present here are deleted. So this is how you can actually havea proper data processing, and this is theideal way of running docker in production environment. So that's about it for this video. I hope this has been informative for you, andI look forward to seeing the next video. Bye.
7. Important Pointer for Docker in Windows
Hey everyone and welcome back. Now in the earlier video, we looked into how we can have a Docker volume and how we can mount certain directories from the Splunk Process to a Docker volume for data persistence. Now for Windows, you can basically run the same command. But I also wanted to show you a few more things. Now, typically, if you look into this document, this is the Docker-nine command that we had executed in our Linux box. So typically, if you do the same thing in Windows, it will work out of the box. So if you do a Docker PH, your Splunk container should start, and if you do a Docker volume LS, you should see the opt splunk etc. and opt Splunk wired directory over here. Now, if you want to have Splunk, etc. mounted in a different directory or on a different drive, that is also something that you can do. Now, basically, if you see within the D drive I have a directory called "Containers," Within containers I have a directory called Splunk, and within Splunk I have created a directory called Opt Splunk, etc. So I want the etc. of my Splunk to be associated with this custom directory that I have created. And that is also something that you do when you do a hyphenated "V." Now, I specify the absolute path over here. So this is the absolute path. Now let's try and work this out. So since we already have the Splunk mount container, let me quickly stop it, and once it is stopped, let's run the command. and this command has been executed successfully. So the first time you associate with a different directory, you'll get a pop-up saying whether you want to share it or not. So you can just click on "Share It" during the pop-up time. Now, another way in which you can do that is to do one thing. Let's just quickly see our optsplunk, which has not yet come up. So let's just quickly wait for a minute. All right. And now you see that the data has started to arrive over here. Now, the second way in which you can do that is to let me quickly open up the Docker. So this is the Docker demon. You can go to settings and yousee it is saying apply changes. So basically what we had done is we hadassociated the docker container to the D type. So basically, we'll have to apply the changes. You can go ahead and click on "Apply" over here. So basically, once you do apply, it will go ahead and update the drives over here. So it might take a few minutes for that to here. So it migSo once that is done, there is one more important part that I would like to share. Now, if you go into the daemon, there is an option called "experimental feature"; make sure that this option is deselected. Otherwise, you might be in for some unpleasant surprises down the road. So by default, this option is selected. So make sure you deselect it. And you just click on "apply," and then you start with whatever testing that you might want to do with the Docker containers. So that's about it for today's video. I hope this has been informative for you, and I look forward to seeing you in the next video. You.
8. Document - Persistent Docker Volume
Hey everyone and welcome back. In today's video, we will be discussing the basics of Splunk licensing. Now, every Splunk software instance basically requires a license. Now, that Splunk licence basically denotes how much data you can index in that Splunk instance and the features that are available. Now, there are five major types of Splunk licenses. One is a standard Splunk Enterprise license. Second is the Enterprise trial license. Third is the sales trial license. Fourth is depth, and fifth is free license. Now, one good thing that I really like about Splunk is this free licence that they provide, as well as the DevTest license. This is really helpful, specifically if you want to learn and if you are trying new things out. So, however, organisations typically go with the standard Splunk Enterprise license. So if I quickly show you this Now, if you'll go into the Splunk pricing page, you will see that I have a Splunk Enterprise, and it is basically starting at $225 per GB per month, billed annually. So again, this is quite costly, which is the primary reason why a lot of enterprises do not offer Splunk. However, many organisations they do offer sprung. Even though the licencing is so costly, primarily because of the features that Splunk provides, it's really unique anyway. So along with that, you have Splunk Enterprise. So this is something that you can download and use on your on-premise server. Splunk Cloud is another service provided by Splunk. So if you do not want to manage your own servers, you don't have to manage all the upgrades. Splunk Cloud is a good option for security, and Plant Free is another. So one of the disadvantages you'll see for Splunk Free is that you can only scale up to 500 MB per day. You have a limitation of one user, and there are a lot of features that are not available for the Splunk free version, like alerting, and you also compromise on those aspects. But there are basic things you'll be able to opt for. Now with this said, let me quickly open up localhost 8000, and this is our Splunk instance. Let me quickly log in, and if I go into the settings and I go into the licensing, you will see that I'm in the trial licence group. Now, so, basically, if you intend to purchase Flunk Enterprise and you purchase it, you would basically require a licence key. And you can add that licence key with this button, "Add License," and then your Splunk licence will change depending on how much data you have ingested, whether five GB per day or ten GB per day. So in the trial license, the licence daily volume would be limited to 500 MB. You cannot send more than 500 MB. And along with that, the licence expiration is December 25. So you'll be redirected to the free version of Splunk after about 60 days. So, as previously stated, we entered the trial license. After 60 days, we'll be upgraded to a Splunk free trial license. Or, I would say, a Splunk-free license. Now, one more important part that I would really like you to remember is the difference between a perpetual and a term license. So, a perpetual licence is basically a one-time licence fee that will grant you indefinite rights to use the software. So, it's not like if you purchase a 1 GB license, you have to again repurchase the same licence after one year; you can use it continuously. However, a term licence is basically for a specific period, for example, one year. So let's assume that you buy a one-GB Splunk term license. So, if it is a term license, it will only be valid for one year. After one year, you'll have to once again purchase that license. However, for a perpetual licence, you do not really have those restrictions. But do remember: Perpetual licences are quite expensive. Definitely, because PLANCK allows you to use it for an indefinite period of time.
9. Splunk Licensing Model
Hey everyone and welcome back. Now in today's video, we will look intohow we can apply for a developer license. Now, this type of licence is one of my favourites in Splunk, primarily because it really allows you to ingest huge amounts of data on a daily basis. And also it allows you to haveall the enterprise planck enterprise based features. So if you go into this specific URL, which is planckbase.com/develop, I'll be posting this URL. Also, this is basically where you can request your developer trial license. Now if you'll see over here, it basically allowsyou to have tenGB of daily indexing, it allowsyou to have full enterprise features and it allowsyou to have free trial for six months. Now, in most cases, you would generally receive this specific license. Now, there are certain instances where some of my colleagues somehow did not receive this. So they generally used to use the Splunk Enterprise Trial License for such cases. But for most cases, you would generally receive it. Otherwise, you can just create a new account, and you can request a developer license. Anyway, so I'll click onRequest Free Developer License. Now within this page, basically, if you look here, it says "Get your developer license." So you need to click here. Request your developer license. It asks you for the Developer License Agreement. So make sure you read the agreement and if it seemsgood, you can go ahead, click here and click on . Perfect. So now you will see the request is pending. So basically, this works based on the approval process. So once your request has been approved, youwould get your licence typically on the email. And in case you have an issue, you can even send an email to this specific email address, which is posted. Now one last thing that I would really like to share is that it takes a little amount of time for the developer licence to arrive. It's not always immediate, primarily because there's an approval process. So anyways, in case your licence arrives late, it does not really matter because the practical that we'll be doing will still work with the enterprise trial licence in case it arrives in time. Then you can go ahead and install that licence within your Splunk instance. So this is it for today's video. I hope this has been informative for you, and I look forward to seeing you in the next video.
10. Important Pointer for Docker in Windows
Hey everyone and welcome back. So I would just like to give you an update to say that I have received the Splunk developer license. It now takes four to five hours for the licence to arrive via email. Remember that it goes through an approval process. But it has finally arrived. So this is my Splunk licence file. All you need to do is download it to your computer. Now, within Splunk, you have to go to Settings, and you need to go to Licensing. Now, within the licensing, you can add a licence here. Now the way you have to do it is you have to click on choose file, and you have to choose this plank licence that got downloaded. So I have selected my Splunk licence file. I'll go ahead and do an install, and after you have installed it, you will need to restart your Splunk. So you just click the Restart Now button. And let's just quickly wait for a minute till it gets restarted. Perfect. So let me quickly log in again. And this is pretty funny because whenever you try to log in, it will again ask you for a restart because it will take you to that restart page. So you do a cancel here, and now you can go to the licencing page again, and you would typically see that you have a Splunk developer license, which says do not distribute. And the data size is 10 GB. So this is the ten GB of data that you really have. So now you do not really have to worry about importing data that is bigger than 500 MB per day. You can even import huge sets of data, which you can use for your development and testing purposes. So this is it for today's video. I hope this was informative for you, and I look forward to seeing you in the next video. Bye.
Pay a fraction of the cost to study with Exam-Labs SPLK-2002: Splunk Enterprise Certified Architect certification video training course. Passing the certification exams have never been easier. With the complete self-paced exam prep solution including SPLK-2002: Splunk Enterprise Certified Architect certification video training course, practice test questions and answers, exam practice test questions and study guide, you have nothing to worry about for your next certification exam.