Splunk Training Complete!
Last week I attended Splunk training and it was very informative and inspiring.
Not only was it instructor based but it was 4 classes combined into 5 days. The labs are very to the point and on topic. It was very educational and good time.
I’m now preparing for the Splunk Certified Power User and the Splunk Certified Admin tests.I’m setting up a lab with an Ubuntu Linux OS for the single server install of Splunk. I plan to roll a few Windows Server and Desktop OSes to generate data. I’m going to install the Universal Forwarders on them and control their configs using Forwarder Management and a Deployment Server. I’ll be managing the data with the Splunk App for Windows Infrastructure and the Splunk Add-on for Microsoft Windows. They are basic methods to collect data from Windows using the Universal Forwarders. I know there are multiple other ways to collect data from a Windows environment like WMI and PowerShell scripts but I want to work with what Splunk has put together before I start using other methods. Also if you have never spoken to anyone who works with Splunk apparently the phrase “put the Universal Forwarder on it” is not a joke. They actually mean it. Yes you don’t have to put it on everything but they sure will tell you to!
I’m also going to get Citrix XenDesktop installed on one of the Windows Server instances so I can deploy the Template for Citrix XenDesktop 7. I will use it to monitor an all in one install of XenDesktop 7.9. That is the latest and the greatest from Citrix so hopefully the app from Jason Conger will support it. He has been updating it so we’ll see. Since he is at Splunk now I wonder if I can get him when contacting Splunk support or even if I can convince Splunk to make it an officially support app?
It should be fun to see what metrics I can pull from the Citrix environment and a wonderful learning experience.