Splunk Cloud Administration

This 18-hour hands-on module prepares administrators to manage users and get data in Splunk Cloud. Modules include data inputs and forwarder configuration, data management, user accounts, and basic monitoring and problem isolation.

Days : 4
Price :




The module provides administrators with the skills, knowledge and best practices for data management and system configuration for data collection and ingestion in a Splunk Cloud environment to maintain a productive Splunk SaaS deployment.

Please note that classes may run across four days, consisting of 4.5 hour sessions each day.


This course is part of the following Certifications:

Splunk Cloud Certified Admin


To be successful, students should have a solid understanding of the following:

  • Fundamentals 1 (Retired)
  • Fundamentals 2 (Retired)

Or the following single-subject modules:

What is Splunk? (WIS)
Intro to Splunk (ITS)
Using Fields (SUF)
Intro to Knowledge Objects (IKO)
Creating Knowledge Objects (CKO)
Creating Field Extractions (CFE)

Course Objectives

  • Splunk Cloud overview
  • User Authentication and Authorization
  • Index Management and Data Retention
  • Splunk configuration files
  • Cloud Ingestion – Using Splunk forwarders
  • Forwarder management
  • Data inputs in detail
  • Cloud Ingestion – Use API, Scripted, HEC and Applications
  • Event Parsing with data preview
  • Manipulating raw data
  • Installing and managing applications
  • Problem isolation and working with Splunk Cloud support

Outline: Splunk Cloud Administration (SCA)

Topic 1 – Splunk Cloud Overview

  • Describe Cloud topology
  • Describe tasks managed by the Splunk cloud administrator
  • List the primary differences between Splunk Cloud and Splunk Enterprise
  • List differences between Self-Service Cloud and Managed Cloud

Topic 2 – Index Management

  • Define a Splunk Index
  • Create indexes in cloud
  • Delete data from an index
  • Monitor indexing activities

Topic 3 – User Authentication and Authorization

  • Administer Splunk user roles
  • Integrate Splunk with LDAP, Active Directory, or SAML

Topic 4 – Splunk Configuration Files

  • Review Splunk configuration files and directories
  • Review configuration file precedence
  • Review index and search time processes

Topic 5 – Cloud Ingestion – Using Splunk Forwarders

  • Review cloud ingestion strategies
  • Understand the role of forwarders in GDI
  • Configure forwarding to Splunk Cloud
  • Monitoring forwarder connectivity
  • Explore optional forwarder settings

Topic 6 – Forwarder Management

  • Describe Splunk Deployment Server
  • Explain the use of forwarder management
  • Configure forwarders to be deployment clients
  • Managing forwarders using deployment apps

Topic 7 – Monitor Inputs

  • Describe the Splunk process for inputting data
  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs

Topic 8 – Cloud Ingestion – Using API, Scripted and HEC Inputs

  • Understand how data is ingested using API
  • Know how to deploy scripted inputs
  • Describe how to use HEC for ingestion

Topic 9 – Cloud Ingestion – Application Based Inputs

  • Understand how inputs are managed using in apps or add-ons
  • Describe how customers may use Splunk Stream app
  • Deploy Cloud inputs for use on an IDM

Topic 10 – Fine-tuning Inputs

  • Describe the default processing that occurs during the input phase
  • Configure input phase options, such as source type fine-tuning and character set encoding

Topic 11 – Parsing Phase and Data Preview

  • Describe the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase

  Topic 12 – Manipulating Raw Data

  • Explain how data transformations are defined and invoked
  • Use transformations with props.conf and transforms.conf to modify raw data
  • Use SEDCMD to modify raw data

Topic 13 – Installing and Managing Apps

  • Understand how apps and add-ons are vetted and installed in Cloud
  • Create apps to managing and distribute configurations

Topic 14 – Splunk Cloud Support and Troubleshooting

  • Troubleshooting Splunk deployments
  • Collecting data and use diagnostics or monitoring to investigate
  • Overview of how to collect the relevant data for support to troubleshoot


  • Explore diagnostic tools and isolation troubleshooting used to investigate and solve issues