Splunk Cloud Administration

Duration : 3 Days (24 Hours)

Splunk Cloud Administration Course Overview:

This instructor-led course is designed for the following audience:

  • Administrators who are new to Splunk Cloud.
  • Administrators looking to enhance their skills and knowledge in managing Splunk Cloud instances.
  • Individuals responsible for data management and system configuration for data collection and ingestion in a Splunk Cloud environment.
  • Those aiming to create and maintain a productive Splunk Software as a Service (SaaS) deployment.

It’s important to note that taking both the “Splunk Cloud Administration” and “Transitioning to Splunk Cloud” courses is not recommended, as they cover similar Splunk Cloud-specific skills, and there is some overlap between them.

Intended Audience:

  • Administrators new to Splunk Cloud.
  • Individuals looking to become more experienced in managing Splunk Cloud instances.
  • Those responsible for data management and system configuration for data collection and ingestion in a Splunk Cloud environment.
  • Professionals aiming to create a productive Splunk SaaS deployment.

Learning Objectives of Splunk Cloud Administration:

  • Splunk Cloud Overview
  • Managing User Authentication and Authorization in Splunk
  • Managing Splunk Indexes
  • Using Splunk Configuration Files
  • Configuring and Managing Splunk Forwarders
  • Configuring Inputs to Cloud, Including Files and Directories from Forwarders, API, Scripted, HEC, and Application-Based Inputs
  • Exploring the Parsing Phase and Data Preview
  • Manipulating Raw Data
  • Installing and Managing Applications
  • Problem Isolation and Working with Splunk Cloud Support

Module 1 – Splunk Cloud Overview

  • Describe Splunk Cloud features and topology
  • Identify Splunk Cloud administrator managed tasks
  • List the primary Splunk Enterprise on-prem and Splunk Cloud administrator tasks
  • Explain Splunk Cloud data ingestion strategies

Module 2 – Managing Users

  • Identify Splunk Cloud authentication options
  • Add Splunk users using native authentication
  • Integrate Splunk with LDAP, Active Directory, or SAML
  • Create a custom role
  • Manage users in Splunk
  • Use Workload Management to manage user resource usage

Module 3 – Managing Indexes

  • Understand cloud indexing strategy
  • Define and create indexes
  • Manage data retention and archiving
  • Delete and mask data from an index
  • Monitor indexing activities

Module 4 – Using Configuration Files

  • Describe Splunk configuration directory structure
  • Describe the configuration layering process with index and search time precedence
  • Use Splunk tools to examine configuration settings such as btool

Module 5 – Configuring Forwarders

  • List Splunk forwarder types
  • Understand the role of forwarders
  • Configure a forwarder to send data to Splunk Cloud
  • Test the forwarder connection
  • Describe optional forwarder settings

Module 6 – Managing Forwarders

  • Describe Splunk Deployment Server (DS)
  • Manage forwarders using deployment apps
  • Configure deployment clients and client groups
  • Monitor forwarder management activities

Module 7 – Forwarder Inputs

  • Describe the Splunk process for inputting data
  • Creating network inputs
  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs

Module 8 – API, Scripted and HEC Inputs

  • Create REST API inputs
  • Create a basic scripted input
  • Identify Linux-specific inputs
  • Identify Windows-specific inputs
  • Create Splunk HTTP Event Collector (HEC) agentless inputs

Module 9 – Application-Based Inputs

  • Understand how inputs are managed using apps or add-ons
  • Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub

Module 10 – Fine-tuning Inputs

  • Describe the default processing that occurs during the input phase
  • Configure input phase options, such as source type fine-tuning and character set encoding
  • Reset file check pointers on a forwarder using the btprobe command

Module 11 – Parsing Phase and Data Preview

  • Describe the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Modify how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase

Module 12 – Manipulating Raw Data

  • Explore Splunk transformation methods
  • Mask data with SEDCMD and TRANSFORMS
  • Override sourcetype or host based upon event values
  • Create rulesets with Ingest Actions
  • Mask data with Ingest Action rules

Module 13 – Installing and Managing Apps

  • Review the process for installing apps
  • Define the purpose of private apps
  • Upload private apps
  • Describe how apps are managed

Module 14 – Managing Splunk Cloud

  • Describe Splunk connected experience apps such as Splunk Secure Gateway
  • Monitor and manage resource utilization by business units and users using Splunk App for Chargeback
  • Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service

Module 15 – Supporting Splunk Cloud

  • Know how to isolate problems before contacting Splunk Cloud Support
  • Use Isolation Troubleshooting
  • Define the process for engaging Splunk Support
  • Improve Mean Time to Resolution (MTTR) by using clear communication, diagnostic tools, monitoring, and the CMC


  • Explore Splunk security fundamentals

Splunk Cloud Administration Course Prerequisites:

To be successful in the Splunk Cloud Administration course, students should have a working knowledge of the topics covered in the following prerequisite courses:

  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions

Discover the perfect fit for your learning journey

Choose Learning Modality

Live Online

  • Convenience
  • Cost-effective
  • Self-paced learning
  • Scalability


  • Interaction and collaboration
  • Networking opportunities
  • Real-time feedback
  • Personal attention


  • Familiar environment
  • Confidentiality
  • Team building
  • Immediate application

Training Exclusives

This course comes with following benefits:

  • Practice Labs.
  • Get Trained by Certified Trainers.
  • Access to the recordings of your class sessions for 90 days.
  • Digital courseware
  • Experience 24*7 learner support.

Got more questions? We’re all ears and ready to assist!

Request More Details

Please enable JavaScript in your browser to complete this form.

Subscribe to our Newsletter

Please enable JavaScript in your browser to complete this form.