Transitioning to Splunk Cloud (TSC) – Details

Detaillierter Kursinhalt

Topic 1 – Splunk Cloud Overview

  • Describe Cloud features and topology
  • Identify Splunk Cloud administrator managed tasks
  • Explain the differences between Splunk Enterprise on premise and Splunk Cloud data ingestion strategies

Module 2 – Splunk Cloud Migration

  • Understand the Splunk Cloud migration journey
  • Determine Splunk Cloud migration readiness
  • Identify Splunk Cloud migration preparation tasks, strategies and possible challenges

Module 3 – Managing Users

  • Identify Splunk Cloud authentication options
  • Add Splunk users using native authentication
  • Integrate Splunk with LDAP, Active Directory or SAML
  • Create a custom role
  • Manage users in Splunk
  • Use Workload Management to manage user resource usage

Module 4 – Managing Indexes

  • Understand cloud indexing strategies
  • Define and create indexes
  • Manage data retention and archiving
  • Delete and mask data from an index
  • Monitor indexing activities

Module 5 – Configuring Forwarders

  • List Splunk forwarder types
  • Understand the role of forwarders
  • Configure a forwarder to send data to Splunk Cloud
  • Test the forwarder connection
  • Describe optional forwarder settings

Module 6 – API, Scripted and HEC Inputs

  • Create REST API inputs
  • Create a basic scripted input
  • Create Splunk HTTP Event Collector (HEC) agentless inputs

Module 7 – Application Based Inputs

  • Understand how inputs are managed using apps or add-ons
  • Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, and Inputs Data Manager (IDM)

Module 8 – GDI Performance Considerations

  • Describe the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Modify how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase
  • Explain how data transformations are define and invoked

Module 9 – Installing and Managing Apps

  • Review the process for installing apps
  • Define the purpose of private apps
  • Upload private apps
  • Describe how apps are managed

Module 10 – Managing Splunk Cloud

  • Describe Splunk connected experience apps such as Splunk Secure Gateway
  • Monitor and manage resource utilization by business units and users using Splunk App for Chargeback
  • Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service

Module 11 – Supporting Splunk Cloud

  • Know how to isolate problems before contacting Splunk Cloud Support
  • Use Isolation Troubleshooting
  • Define the process for engaging Splunk Support
  • Improve Mean Time to Resolution (MTTR) by using clear communication, diagnostic tools, monitoring and the CMC

Appendix

  • Explore Splunk security fundamentals