Splunk Cloud Administration
Duration: 3 Days (24 Hours)
Splunk Cloud Administration Course Overview:
This instructor-led course is designed for the following audience:
- Administrators who are new to Splunk Cloud.
- Administrators looking to enhance their skills and knowledge in managing Splunk Cloud instances.
- Individuals responsible for data management and system configuration for data collection and ingestion in a Splunk Cloud environment.
- Those aiming to create and maintain a productive Splunk Software as a Service (SaaS) deployment.
It’s important to note that taking both the “Splunk Cloud Administration” and “Transitioning to Splunk Cloud” courses is not recommended, as they cover similar Splunk Cloud-specific skills, and there is some overlap between them.
Learning Objectives of Splunk Cloud Administration:
- Splunk Cloud Overview
- Managing User Authentication and Authorization in Splunk
- Managing Splunk Indexes
- Using Splunk Configuration Files
- Configuring and Managing Splunk Forwarders
- Configuring Inputs to Cloud, Including Files and Directories from Forwarders, API, Scripted, HEC, and Application-Based Inputs
- Exploring the Parsing Phase and Data Preview
- Manipulating Raw Data
- Installing and Managing Applications
- Problem Isolation and Working with Splunk Cloud Support
Module 1 – Splunk Cloud Overview
- Describe Splunk Cloud features and topology
- Identify Splunk Cloud administrator managed tasks
- List the primary Splunk Enterprise on-prem and Splunk Cloud administrator tasks
- Explain Splunk Cloud data ingestion strategies
Module 2 – Managing Users
- Identify Splunk Cloud authentication options
- Add Splunk users using native authentication
- Integrate Splunk with LDAP, Active Directory, or SAML
- Create a custom role
- Manage users in Splunk
- Use Workload Management to manage user resource usage
Module 3 – Managing Indexes
- Understand cloud indexing strategy
- Define and create indexes
- Manage data retention and archiving
- Delete and mask data from an index
- Monitor indexing activities
Module 4 – Using Configuration Files
- Describe Splunk configuration directory structure
- Describe the configuration layering process with index and search time precedence
- Use Splunk tools such as btool to examine configuration settings
Module 5 – Configuring Forwarders
- List Splunk forwarder types
- Understand the role of forwarders
- Configure a forwarder to send data to Splunk Cloud
- Test the forwarder connection
- Describe optional forwarder settings
Module 6 – Managing Forwarders
- Describe Splunk Deployment Server (DS)
- Manage forwarders using deployment apps
- Configure deployment clients and client groups
- Monitor forwarder management activities
Module 7 – Forwarder Inputs
- Describe the Splunk process for inputting data
- Create network inputs
- Create file and directory monitor inputs
- Use optional settings for monitor inputs
Module 8 – API, Scripted and HEC Inputs
- Create REST API inputs
- Create a basic scripted input
- Identify Linux-specific inputs
- Identify Windows-specific inputs
- Create Splunk HTTP Event Collector (HEC) agentless inputs
Module 9 – Application-Based Inputs
- Understand how inputs are managed using apps or add-ons
- Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub
Module 10 – Fine-tuning Inputs
- Describe the default processing that occurs during the input phase
- Configure input phase options, such as source type fine-tuning and character set encoding
- Reset file check pointers on a forwarder using the btprobe command
Module 11 – Parsing Phase and Data Preview
- Describe the default processing that occurs during parsing
- Optimize and configure event line breaking
- Modify how timestamps and time zones are extracted or assigned to events
- Use Data Preview to validate event creation during the parsing phase
Module 12 – Manipulating Raw Data
- Explore Splunk transformation methods
- Mask data with SEDCMD and TRANSFORMS
- Override sourcetype or host based upon event values
- Create rulesets with Ingest Actions
- Mask data with Ingest Action rules
Module 13 – Installing and Managing Apps
- Review the process for installing apps
- Define the purpose of private apps
- Upload private apps
- Describe how apps are managed
Module 14 – Managing Splunk Cloud
- Describe Splunk connected experience apps such as Splunk Secure Gateway
- Monitor and manage resource utilization by business units and users using Splunk App for Chargeback
- Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service
Module 15 – Supporting Splunk Cloud
- Know how to isolate problems before contacting Splunk Cloud Support
- Use Isolation Troubleshooting
- Define the process for engaging Splunk Support
- Improve Mean Time to Resolution (MTTR) by using clear communication, diagnostic tools, monitoring, and the CMC
- Explore Splunk security fundamentals
Splunk Cloud Administration Course Prerequisites:
To be successful in the Splunk Cloud Administration course, students should have a working knowledge of the topics covered in the following prerequisite courses:
- What is Splunk?
- Intro to Splunk
- Using Fields
- Introduction to Knowledge Objects
- Creating Knowledge Objects
- Creating Field Extractions
This course comes with the following benefits:
- Practice Labs.
- Get Trained by Certified Trainers.
- Access to the recordings of your class sessions for 90 days.
- Digital courseware
- Experience 24*7 learner support.