Transitioning to Splunk Cloud (TSC) – Outline

Detailed Course Outline

Module 1 – Splunk Cloud Overview

  • Describe Splunk and Splunk Cloud features and topology
  • Identify Splunk Cloud administrator tasks
  • Describe Splunk Cloud purchasing options and differences between Classic and Victoria experience
  • Secure Splunk deployments best practices
  • Explain Splunk Cloud data ingestion strategies

Module 2 – Splunk Cloud Migration

  • Understand the Splunk Cloud migration journey
  • Determine Splunk Cloud migration readiness
  • Identify Splunk Cloud migration preparation tasks, strategies, and possible challenges

Module 3 – Managing Users

  • Identify Splunk Cloud authentication options
  • Add Splunk users using native authentication
  • Create a custom role
  • Integrate Splunk with LDAP, Active Directory or SAML
  • Use Workload Management to manage user resource usage
  • Manage users in Splunk

Module 4 – Managing Indexes

  • Understand cloud indexing strategy
  • Define and create indexes
  • Manage data retention and archiving
  • Delete and mask data from an index
  • Monitor indexing activities

Module 5 – Managing Apps

  • Review the process for installing apps
  • Define the purpose of private apps
  • Upload private apps
  • Describe how apps are managed

Module 6 – Configuring Forwarders

  • List Splunk forwarder types
  • Understand the role of forwarders
  • Configure a forwarder to send data to Splunk Cloud
  • Test the forwarder connection
  • Describe optional forwarder settings

Module 7 – Common Inputs

  • Describe forwarder inputs such as files and directories
  • Create REST API inputs
  • Create a basic scripted input
  • Create Splunk HTTP Event Collector (HEC) agentless inputs

Module 8 – Additional Inputs

  • Understand how inputs are managed using apps or add-ons
  • Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub

Module 9 – Using Ingest Actions

  • Explore Splunk transformation methods
  • Create and manage rulesets with Ingest Actions
  • Mask, filter and route data with Ingest Action rules

Module 10 – Managing Splunk Cloud

  • Secure ingest with Splunk Cloud Private Connectivity with AWS
  • Describe Federated Search functionality
  • Describe Splunk connected experience apps such as Splunk Secure Gateway
  • Monitor and manage resource utilization by business units and users using Splunk App for Chargeback
  • Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service

Module 11 – Supporting Splunk Cloud

  • Know how to isolate problems before contacting Splunk Cloud Support
  • Use Isolation Troubleshooting
  • Define the process for engaging Splunk Support

Appendix

  • Explore Splunk security fundamentals