Transitioning to Splunk Cloud
Duration : 2 Days (16 Hours)
Transitioning to Splunk Cloud Course Overview:
This course is designed for experienced on-prem administrators and individuals seeking to enhance their knowledge and skills in managing Splunk Cloud instances. It covers the distinctions between on-prem Splunk and various Splunk Cloud offerings. The modules include topics on migrating data collection and ingest from on-prem Splunk to Splunk Cloud, emphasizing Splunk Cloud-specific variations and best practices for effective Splunk SaaS deployments. For Splunk Administrators who have already completed the System and Data Administration learning pathways, this course focuses on key distinctions between Splunk Enterprise on-premises deployment and Splunk Enterprise Cloud to facilitate the transition to Splunk Cloud for data and system management. The hands-on lab provides practical experience in managing a Splunk Cloud instance.
Note: “Splunk Cloud Administration” and “Transitioning to Splunk Cloud” should not be taken together, as both courses aim to develop Splunk Cloud-specific skills, and there is some overlap.
Intended Audience:
- Experienced Splunk Administrators
- On-Prem Administrators Transitioning to Splunk Cloud
- Administrators Responsible for Splunk Cloud Instances
- System and Data Administrators
- Those Interested in Data Management and System Configuration
- Splunk Professionals Looking to Migrate Data
Learning Objectives of Transitioning to Splunk Cloud:
- Splunk Cloud Overview and Migration
- Managing User Authentication and Authorization in Splunk Cloud
- Managing Splunk Indexes in the Cloud
- Configuring Splunk Forwarders for Cloud
- Configuring Inputs to Cloud, Including API, Scripted, HEC, and Application-Based Inputs
- Exploring GDI (General Data Ingestion) Performance Considerations
- Installing and Managing Applications in Splunk Cloud
- Problem Isolation and Working with Splunk Cloud Support
Module 1 – Splunk Cloud Overview
- Describe Splunk Cloud features and topology.
- Identify Splunk Cloud administrator managed tasks.
- Explain the differences between Splunk Enterprise on-premise and Splunk Cloud data ingestion strategies.
Module 2 – Splunk Cloud Migration
- Understand the Splunk Cloud migration journey.
- Determine Splunk Cloud migration readiness.
- Identify Splunk Cloud migration preparation tasks, strategies, and possible challenges.
Module 3 – Managing Users
- Identify Splunk Cloud authentication options.
- Add Splunk users using native authentication.
- Integrate Splunk with LDAP, Active Directory, or SAML.
- Create a custom role.
- Manage users in Splunk.
- Use Workload Management to manage user resource usage.
Module 4 – Managing Indexes
- Understand cloud indexing strategy.
- Define and create indexes.
- Manage data retention and archiving.
- Delete and mask data from an index.
- Monitor indexing activities.
Module 5 – Configuring Forwarders
- List Splunk forwarder types.
- Understand the role of forwarders.
- Configure a forwarder to send data to Splunk Cloud.
- Test the forwarder connection.
- Describe optional forwarder settings.
Module 6 – API, Scripted, and HEC Inputs
- Create REST API inputs.
- Create a basic scripted input.
- Create Splunk HTTP Event Collector (HEC) agentless inputs.
Module 7 – Application Based Inputs
- Understand how inputs are managed using apps or add-ons.
- Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub.
Module 8 – GDI Performance Considerations
- Describe the default processing that occurs during parsing.
- Optimize and configure event line breaking.
- Modify how timestamps and time zones are extracted or assigned to events.
- Use Data Preview to validate event creation during the parsing phase.
- Explain how data transformations are defined and invoked.
Module 9 – Installing and Managing Apps
- Review the process for installing apps.
- Define the purpose of private apps.
- Upload private apps.
- Describe how apps are managed.
Module 10 – Managing Splunk Cloud
- Describe Splunk connected experience apps such as Splunk Secure Gateway.
- Monitor and manage resource utilization by business units and users using Splunk App for Chargeback.
- Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service.
Module 11 – Supporting Splunk Cloud
- Know how to isolate problems before contacting Splunk Cloud Support.
- Use Isolation Troubleshooting.
- Define the process for engaging Splunk Support.
- Improve Mean Time to Resolution (MTTR) by using clear communication, diagnostic tools, monitoring, and the CMC.
Appendix – Explore Splunk Security Fundamentals
This structure should make it easier to navigate and understand the course content.
Transitioning to Splunk Cloud Course Prerequisites:
- What is Splunk?
- Intro to Splunk
- Using Fields
- Introduction to Knowledge Objects
- Creating Knowledge Objects
- Creating Field Extractions
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
Discover the perfect fit for your learning journey
Choose Learning Modality
Live Online
- Convenience
- Cost-effective
- Self-paced learning
- Scalability
Classroom
- Interaction and collaboration
- Networking opportunities
- Real-time feedback
- Personal attention
Onsite
- Familiar environment
- Confidentiality
- Team building
- Immediate application
Training Exclusives
This course comes with following benefits:
- Practice Labs.
- Get Trained by Certified Trainers.
- Access to the recordings of your class sessions for 90 days.
- Digital courseware
- Experience 24*7 learner support.
Got more questions? We’re all ears and ready to assist!