Transitioning to Splunk Cloud

This 9-hour virtual module highlights key differences between Splunk Enterprise deployed on-premises and Splunk Enterprise Cloud to allow Splunk Administrators to transition to Splunk Cloud. Please note that this course may run over two days, with 4.5 hour sessions each day.

This module provides the skills and knowledge for experienced on-prem administrators to migrate the collection and data ingest as well as manage their Splunk Cloud environment and maintain a productive Splunk SaaS deployment.

Days : 2
Price :

This product is currently out of stock and unavailable.



This course is part of the following Certifications:

Splunk Cloud Certified Admin


To be successful, students should have a solid understanding of the following:

  • System Administration
  • Data Administration

Course Objectives

  • Splunk Cloud Overview
  • User Authentication and Authorization
  • Index Management and Data Retention
  • Cloud Ingestion – Using Splunk Forwarders
  • Cloud Ingestion – Use API, HEC and Scripted Inputs
  • Cloud Ingestion – Using Apps and IDM Inputs
  • Installing and Managing Apps
  • GDI Performance Considerations
  • Problem isolation and working with Splunk Cloud support

Outline: Transitioning to Splunk Cloud (TSC)

Topic 1 – Splunk Cloud Overview

  • Describe Cloud SaaS benefits and features
  • Identify Splunk Cloud administrator managed tasks
  • Explain the differences between Splunk Enterprise on premise and Splunk Enterprise Cloud

Topic 2 – User Authentication and Authorization

  • Identify Splunk Cloud authentication options
  • Add Splunk users using native authentication
  • Integrate Splunk with LDAP, Active Directory or SAML
  • Understanding Splunk authorization options

Topic 3 – Index Management and Data Retention

  • Understand cloud indexing strategy
  • Create indexes in cloud
  • Manage data retention and archiving
  • Monitor indexing activities

Topic 4 – Cloud Ingestion – Using Splunk Forwarders

  • Review cloud ingestion strategies
  • Understand the role of forwarders in GDI
  • Configure forwarding to Splunk Cloud
  • Monitoring forwarder connectivity
  • Explore optional forwarder settings

Topic 5 – Cloud Ingestion – Using API, Scripted and HEC Inputs

  • Understand how data is ingested using API
  • Describe how to use HEC for ingestion
  • Know how to deploy scripted inputs

Topic 6 – Cloud Ingestion – Application Based Inputs

  • Understand how inputs are managed using in apps or add-ons
  • Describe how customers may use Splunk Stream app
  • Deploy Cloud inputs for use on an IDM

Topic 7 – Installing and Managing Apps

  • Understand how apps and add-ons are vetted and installed in Cloud
  • Create apps to managing and distribute configurations

Topic 8 – GDI Performance Considerations

  • Understand how event parsing and processing may impact performance
  • Use Data Preview to validate and address event creation issues
  • Explain how data transformations are defined and invoked

Topic 9 – Splunk Cloud Support and Troubleshooting

  • Troubleshooting Splunk deployments
  • Collecting data and use diagnostics or monitoring to investigate
  • Overview of how to collect the relevant data for support to troubleshoot


  • Explore diagnostic tools and isolation troubleshooting used to investigate and solve issues