AWS Observability with Splunk

Delivery methods

On-Site, Virtual

Duration

1 day

This comprehensive, vertical-specific training demonstrates Splunk's strategic value for enterprise observability and security monitoring on AWS. Participants will deploy distributed Splunk architectures with indexer clustering, search head clustering, and SmartStore for S3-based data tiering.

The curriculum covers the complete data pipeline from Universal Forwarders through indexing to search optimization, with deep integration of AWS-native data sources including CloudTrail, VPC Flow Logs, GuardDuty, and Security Hub. By day's end, students will architect production Splunk deployments with multi-AZ high availability, implement site-aware replication for fault tolerance, and optimize both indexing throughput and search performance using parallelIngestionPipelines, tstats, and data model acceleration.

Learning Objectives

  • Deploy and configure distributed Splunk Enterprise on AWS with indexer clusters and site-aware replication across multiple Availability Zones.

  • Implement SmartStore with Amazon S3 for cost-effective data tiering, configuring cache sizing formulas and monitoring cache hit rates for optimal search performance.

  • Master Advanced SPL including subsearches, lookups, macros, and the eval command to build correlation searches that link IAM changes in CloudTrail to anomalous traffic in VPC Flow Logs.

  • Configure search head clustering with Raft consensus for automatic captain election, deployer workflows for app distribution, and ALB integration with sticky sessions.

  • Integrate AWS-native security data sources using Splunk Add-on for AWS, including GuardDuty findings, Security Hub aggregation, and real-time CloudWatch metrics streaming.

  • Optimize indexing throughput with parallelIngestionPipelines and search performance with tstats for faster aggregations.

  • Apply business-aligned observability by completing a vertical-specific lab (Fintech, Healthcare, or Media) that implements production monitoring patterns for AWS workloads.

Who Should Attend

Splunk Administrators, Cloud Architects, Security Engineers, and DevOps/SREs responsible for deploying enterprise observability platforms on AWS. Previous experience with Linux CLI and basic AWS services (EC2, S3, IAM, VPC) is assumed. Familiarity with log management concepts is helpful but not required.

Course outline
