Description
Certifications
This course is part of the following Certifications:
Splunk Cloud Certified Admin
Prerequisites
To be successful, students should have a solid understanding of the following:
- System Administration
- Data Administration
Course Objectives
- Splunk Cloud Overview
- User Authentication and Authorization
- Index Management and Data Retention
- Cloud Ingestion – Using Splunk Forwarders
- Cloud Ingestion – Use API, HEC and Scripted Inputs
- Cloud Ingestion – Using Apps and IDM Inputs
- Installing and Managing Apps
- GDI Performance Considerations
- Problem isolation and working with Splunk Cloud support
Outline: Transitioning to Splunk Cloud (TSC)
Topic 1 – Splunk Cloud Overview
- Describe Cloud SaaS benefits and features
- Identify Splunk Cloud administrator managed tasks
- Explain the differences between Splunk Enterprise on premise and Splunk Enterprise Cloud
Topic 2 – User Authentication and Authorization
- Identify Splunk Cloud authentication options
- Add Splunk users using native authentication
- Integrate Splunk with LDAP, Active Directory or SAML
- Understanding Splunk authorization options
Topic 3 – Index Management and Data Retention
- Understand cloud indexing strategy
- Create indexes in cloud
- Manage data retention and archiving
- Monitor indexing activities
Topic 4 – Cloud Ingestion – Using Splunk Forwarders
- Review cloud ingestion strategies
- Understand the role of forwarders in GDI
- Configure forwarding to Splunk Cloud
- Monitoring forwarder connectivity
- Explore optional forwarder settings
Topic 5 – Cloud Ingestion – Using API, Scripted and HEC Inputs
- Understand how data is ingested using API
- Describe how to use HEC for ingestion
- Know how to deploy scripted inputs
Topic 6 – Cloud Ingestion – Application Based Inputs
- Understand how inputs are managed using in apps or add-ons
- Describe how customers may use Splunk Stream app
- Deploy Cloud inputs for use on an IDM
Topic 7 – Installing and Managing Apps
- Understand how apps and add-ons are vetted and installed in Cloud
- Create apps to managing and distribute configurations
Topic 8 – GDI Performance Considerations
- Understand how event parsing and processing may impact performance
- Use Data Preview to validate and address event creation issues
- Explain how data transformations are defined and invoked
Topic 9 – Splunk Cloud Support and Troubleshooting
- Troubleshooting Splunk deployments
- Collecting data and use diagnostics or monitoring to investigate
- Overview of how to collect the relevant data for support to troubleshoot
Appendix
- Explore diagnostic tools and isolation troubleshooting used to investigate and solve issues