Splunk On-Call Administration

Duration: 1 Day (8 Hours)

Splunk On-Call Administration Course Overview:

This course is designed for Splunk On-Call administrators responsible for setting up incident response with Splunk On-Call. It is intended for individuals who need to perform tasks related to configuring on-call teams, defining schedules and rotations, setting up alerts and integrations, creating post-incident review reports, tracking response metrics, and customizing reports. Additionally, this course covers advanced features like the Rules engine for advanced customization and configuring webhook integrations.

Intended Audience:

  • The target audience for this course includes Splunk On-Call administrators and incident response managers responsible for setting up and configuring incident response with Splunk On-Call.

Learning Objectives of Splunk On-Call Administration:

  • Set up Splunk On-Call teams
  • Configure integrations and alerts
  • Generate reports on team activity and performance
  • Utilize the Rules engine to trigger custom alerts
  • Establish webhook integrations

Module 1 – Introduction and Planning

  • Create an incident response plan
  • Explain the typical incident flow in Splunk On-Call
  • Define key concepts in Splunk On-Call, including Escalation Policies, Incidents, and Actions
  • Create new user accounts
  • Establish user paging (notification) policies
  • Plan on-call schedules

Module 2 – Users, Teams, Rotations, and Escalation Policies

  • Describe the Splunk On-Call setup process
  • Differentiate between Splunk On-Call user roles
  • Create teams and add users using both the UI and API
  • Add and remove team managers
  • Create on-call schedules, including shifts, rotations, and members
  • Develop Escalation Policies for handling incoming incidents

Module 3 – Configuring Integrations and Alerts

  • Explain the role of a routing key
  • Create routing keys following best practices
  • Configure Splunk On-Call integrations

Module 4 – Reporting on Team Activity and Performance

  • Differentiate between various types of reports
  • Create post-incident review reports
  • Monitor response metrics
  • Customize on-call review reports
  • Track incident flow using the Incident Frequency report (Enterprise edition only)

Module 5 – Advanced Features

  • Utilize the Alert Rules Engine to add annotations to incidents
  • Apply the Alert Rules Engine to transform alerts
  • Re-route or mute incidents based on their content
  • Create outgoing Webhooks to extend product functionality
  • Explore the public API portal for details on the public API

Splunk On-Call Administration Course Prerequisites:

  • None


Training Exclusives

This course comes with the following benefits:

  • Practice labs
  • Training by certified trainers
  • Access to the recordings of your class sessions for 90 days
  • Digital courseware
  • 24/7 learner support
