Splunk Cloud Administration (SCA) – Outline

Detailed Course Outline

Topic 1 – Splunk Cloud Overview

  • Describe Cloud topology
  • Describe tasks managed by the Splunk Cloud administrator
  • List the primary differences between Splunk Cloud and Splunk Enterprise
  • List differences between Self-Service Cloud and Managed Cloud

Topic 2 – Index Management

  • Define a Splunk Index
  • Create indexes in cloud
  • Delete data from an index
  • Monitor indexing activities

Topic 3 – User Authentication and Authorization

  • Administer Splunk user roles
  • Integrate Splunk with LDAP, Active Directory, or SAML

Topic 4 – Splunk Configuration Files

  • Review Splunk configuration files and directories
  • Review configuration file precedence
  • Review index and search time processes

Topic 5 – Cloud Ingestion – Using Splunk Forwarders

  • Review cloud ingestion strategies
  • Understand the role of forwarders in GDI
  • Configure forwarding to Splunk Cloud
  • Monitor forwarder connectivity
  • Explore optional forwarder settings

Topic 6 – Forwarder Management

  • Describe Splunk Deployment Server
  • Explain the use of forwarder management
  • Configure forwarders to be deployment clients
  • Manage forwarders using deployment apps

Topic 7 – Monitor Inputs

  • Describe the Splunk process for inputting data
  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs

Topic 8 – Cloud Ingestion – Using API, Scripted and HEC Inputs

  • Understand how data is ingested using API
  • Know how to deploy scripted inputs
  • Describe how to use HEC for ingestion

Topic 9 – Cloud Ingestion – Application Based Inputs

  • Understand how inputs are managed using apps or add-ons
  • Describe how customers may use the Splunk Stream app
  • Deploy Cloud inputs for use on an IDM

Topic 10 – Fine-tuning Inputs

  • Describe the default processing that occurs during the input phase
  • Configure input phase options, such as source type fine-tuning and character set encoding

Topic 11 – Parsing Phase and Data Preview

  • Describe the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase

Topic 12 – Manipulating Raw Data

  • Explain how data transformations are defined and invoked
  • Use transformations with props.conf and transforms.conf to modify raw data
  • Use SEDCMD to modify raw data

Topic 13 – Installing and Managing Apps

  • Understand how apps and add-ons are vetted and installed in Cloud
  • Create apps to manage and distribute configurations

Topic 14 – Splunk Cloud Support and Troubleshooting

  • Troubleshoot Splunk deployments
  • Collect data and use diagnostics or monitoring to investigate
  • Overview of how to collect the relevant data for support to troubleshoot

Appendix

  • Explore diagnostic tools and isolation troubleshooting used to investigate and solve issues