Splunk On-Call Administration
Duration: 1 Day (8 Hours)
Splunk On-Call Administration Course Overview:
This course is designed for Splunk On-Call administrators responsible for setting up incident response with Splunk On-Call. It is intended for individuals who need to perform tasks related to configuring on-call teams, defining schedules and rotations, setting up alerts and integrations, creating post-incident review reports, tracking response metrics, and customizing reports. Additionally, this course covers advanced features like the Rules engine for advanced customization and configuring webhook integrations.
Intended Audience:
- The target audience for this course includes Splunk On-Call administrators and incident response managers responsible for setting up and configuring incident response with Splunk On-Call.
Learning Objectives of Splunk On-Call Administration:
- Set up Splunk On-Call teams
- Configure integrations and alerts
- Generate reports on team activity and performance
- Utilize the Rules engine to trigger custom alerts
- Establish webhook integrations
Module 1 – Introduction and Planning
- Create an incident response plan
- Explain the typical incident flow in Splunk On-Call
- Define key concepts in Splunk On-Call, including Escalation Policies, Incidents, and Actions
- Create new user accounts
- Establish user paging (notification) policies
- Plan on-call schedules
Module 2 – Users, Teams, Rotations, and Escalation Policies
- Describe the Splunk On-Call setup process
- Differentiate between Splunk On-Call user roles
- Create teams and add users using both the UI and API
- Add and remove team managers
- Create on-call schedules, including shifts, rotations, and members
- Develop Escalation Policies for handling incoming incidents
Module 3 – Configuring Integrations and Alerts
- Explain the role of a routing key
- Create routing keys following best practices
- Configure Splunk On-Call integrations
Module 4 – Reporting on Team Activity and Performance
- Differentiate between various types of reports
- Create post-incident review reports
- Monitor response metrics
- Customize on-call review reports
- Track incident flow using the Incident Frequency report (Enterprise edition only)
Module 5 – Advanced Features
- Utilize the Alert Rules Engine to add annotations to incidents
- Apply the Alert Rules Engine to transform alerts
- Re-route or mute incidents based on their content
- Create outgoing Webhooks to extend product functionality
- Explore the public API portal for details on the public API
Splunk On-Call Administration Course Prerequisites:
- None
Discover the perfect fit for your learning journey
Choose Learning Modality
Live Online
- Convenience
- Cost-effective
- Self-paced learning
- Scalability
Classroom
- Interaction and collaboration
- Networking opportunities
- Real-time feedback
- Personal attention
Onsite
- Familiar environment
- Confidentiality
- Team building
- Immediate application
Training Exclusives
This course comes with the following benefits:
- Practice labs
- Training by certified trainers
- Access to the recordings of your class sessions for 90 days
- Digital courseware
- 24/7 learner support