Description
Who should attend
This module is targeted towards Splunk On-Call admins responsible for setting up incident response with Splunk On-Call.
Prerequisites
None.
Course Objectives
- Set up Splunk On-Call teams
- Set up integrations and configure alerts
- Report on team activity and performance
- Use the Rules Engine to trigger custom alerts
- Set up webhook integrations
Outline: Splunk On-Call Administration (SOCA)
Topic 1 – Introduction and Planning
- Create a plan for incident response
- Describe the flow of a typical incident in Splunk On-Call
- Explain Splunk On-Call concepts, including Escalation Policies, Incidents, and Actions
- Create new users
- Create user paging (notification) policies
- Plan on-call schedules
Topic 2 – Users, Teams, Rotations and Escalation Policies
- Describe the Splunk On-Call setup flow
- Differentiate between Splunk On-Call user roles
- Create teams and add users using both the UI and API
- Add and remove team managers
- Create on-call schedules including shifts, rotations, and members
- Build Escalation Policies for incoming incidents
Topic 3 – Configuring Integrations and Alerts
- Describe the purpose of a routing key
- Create a routing key using best practices
- Configure Splunk On-Call integrations
Topic 4 – Reporting on Team Activity and Performance
- Differentiate between the types of reports
- Create a post-incident review report
- Track response metrics
- Customize the On-Call Review report
- Track the flow of incidents after the fact using the Incident Frequency report (Enterprise edition only)
Topic 5 – Advanced Features
- Use the Alert Rules Engine to add annotations to an incident
- Use the Alert Rules Engine to transform an alert
- Re-route or mute incidents based on content
- Create outgoing Webhooks to extend product functionality
- Use the public API portal to find details on the public API