Troubleshooting Splunk Enterprise

This course is designed for Splunk administrators. It covers topics and techniques for troubleshooting a standard Splunk distributed deployment using the tools available on Splunk Enterprise. This is a lab-oriented class, designed to help you gain troubleshooting experience before attending more advanced courses. You will debug a distributed Splunk Enterprise environment using the live system.

This course does not cover the issues surrounding Splunk Cloud, Splunk Clusters, or Splunk premium apps.


This course is designed for system administrators who are responsible for managing the Splunk Enterprise environment.


To be successful, students should have completed the following courses:

Course objectives

  • Splunk Troubleshooting Methods and Tools
  • Indexing Problems
  • Input Configuration Problems
  • Deployment Problems
  • License, Upgrade, and User Management Problems
  • Search Management Problems
  • User Search Problems

Course content

Module 1 – Splunk Troubleshooting Methods and Tools

  • Describe the Splunk troubleshooting approach
  • List Splunk diagnostic resources and tools
  • Create and splunk a diag
  • Use RapidDiag

Module 2 – Indexing Problems

  • Discover Splunk deployment topology and its server roles
  • Identify where to check the Index-time pipeline status
  • Use the metrics.log to clarify the index-time problem

Module 3 – Input Configuration Problems

  • Data input issues
  • Troubleshooting inputs with Monitoring Console

Module 4 – Deployment Problems

  • Deployment server issues
  • Forwarding and receiving issues

Module 5 – License, Upgrade, and User Management Problems

  • Installation issues
  • Upgrade considerations
  • Splunk licensing issues
  • Splunk roles and user management issues

Module 6 – Search Management Problems

  • Troubleshoot distributed search issues
  • Identify job scheduling issues
  • Learn to diagnose crashing problems
  • Describe how to prioritize resources for critical Splunk processes

Module 7 – User Search Problems

  • Identify the types of search problems
  • Isolate and troubleshoot search problems