{"course":{"productid":25907,"modality":1,"active":true,"language":"en","title":"Splunk Cloud Administration","productcode":"SCA","vendorcode":"SP","vendorname":"Splunk","fullproductcode":"SP-SCA","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.ch\/course\/splunk-sca","essentials":"<p>To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:<\/p>\n<ul>\n<li>Intro to Splunk<\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/splunk-suf\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Using Fields <span class=\"fl-prod-pcode\">(SUF)<\/span><\/a><\/span><\/li><li>Intro to Knowledge Objects<\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/splunk-cko\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Creating Knowledge Objects <span class=\"fl-prod-pcode\">(CKO)<\/span><\/a><\/span><\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/splunk-cfe\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Creating Field Extractions <span class=\"fl-prod-pcode\">(CFE)<\/span><\/a><\/span><\/li><\/ul><p>Additional courses and\/or knowledge in these areas are also highly recommended:\n<\/p>\n<ul>\n<li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/splunk-edl\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Enriching Data with Lookups <span class=\"fl-prod-pcode\">(EDL)<\/span><\/a><\/span><\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/splunk-sdm\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Data Models <span class=\"fl-prod-pcode\">(SDM)<\/span><\/a><\/span><\/li><\/ul>","audience":"<p>Splunk Cloud Administrators.<\/p>","outline":"<p><strong>Module 1 &ndash; Splunk Cloud Overview<\/strong><\/p>\n<ul>\n<li>Describe Splunk and Splunk Cloud features and topology<\/li><li>Identify Splunk Cloud administrator tasks<\/li><li>Describe Splunk Cloud purchasing options and differences between Classic and Victoria experience<\/li><li>Secure Splunk deployments best practices<\/li><li>Explain Splunk Cloud data ingestion strategies<\/li><\/ul><p><strong>Module 2 - Managing Users<\/strong>\n<\/p>\n<ul>\n<li>Identify Splunk Cloud authentication options<\/li><li>Add Splunk users using native authentication<\/li><li>Create a custom role<\/li><li>Integrate Splunk with LDAP, Active Directory or SAML<\/li><li>Use Workload Management to manage user resource usage<\/li><li>Manage users in Splunk<\/li><\/ul><p><strong>Module 3 &ndash; Managing Indexes<\/strong>\n<\/p>\n<ul>\n<li>Understand cloud indexing strategy<\/li><li>Define and create indexes<\/li><li>Manage data retention and archiving<\/li><li>Delete and mask data from an index<\/li><li>Monitor indexing activities<\/li><\/ul><p><strong>Module 4 &ndash; Using Configuration Files<\/strong>\n<\/p>\n<ul>\n<li>Describe Splunk configuration directory structure<\/li><li>Describe the configuration layering process with index and search time precedence<\/li><li>Use Splunk tools to examine configuration settings such as btool<\/li><\/ul><p><strong>Module 5 &ndash; Managing Apps<\/strong>\n<\/p>\n<ul>\n<li>Review the process for installing apps<\/li><li>Define the purpose of private apps<\/li><li>Upload private apps<\/li><li>Describe how apps are managed<\/li><\/ul><p><strong>Module 6 &ndash; Configuring Forwarders<\/strong>\n<\/p>\n<ul>\n<li>List Splunk forwarder types<\/li><li>Understand the role of forwarders<\/li><li>Configure a forwarder to send data to Splunk Cloud<\/li><li>Test the forwarder connection<\/li><li>Describe optional forwarder settings<\/li><\/ul><p><strong>Module 7 &ndash; Managing Forwarders<\/strong>\n<\/p>\n<ul>\n<li>Describe Splunk Deployment Server (DS)<\/li><li>Manage forwarders using deployment apps<\/li><li>Configure deployment clients and client groups<\/li><li>Monitor forwarder management activities<\/li><\/ul><p><strong>Module 8 &ndash; Forwarder Inputs<\/strong>\n<\/p>\n<ul>\n<li>Describe the Splunk process for inputting data<\/li><li>Create file and directory monitor inputs<\/li><li>Use optional settings for monitor inputs<\/li><li>Creating network inputs<\/li><\/ul><p><strong>Module 9 &ndash; Common Inputs<\/strong>\n<\/p>\n<ul>\n<li>Create REST API inputs<\/li><li>Create a basic scripted input<\/li><li>Identify Linux-specific inputs<\/li><li>Identify Windows-specific inputs<\/li><li>Create Splunk HTTP Event Collector (HEC) agentless inputs<\/li><\/ul><p><strong>Module 10 &ndash; Additional Inputs<\/strong>\n<\/p>\n<ul>\n<li>Understand how inputs are managed using apps or add-ons<\/li><li>Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub<\/li><\/ul><p><strong>Module 11 &ndash; Fine-tuning Inputs<\/strong>\n<\/p>\n<ul>\n<li>Describe the default processing that occurs during the input phase<\/li><li>Configure input phase options, such as source type fine-tuning and character set encoding<\/li><li>Reset file check pointers on a forwarder using the btprobe command<\/li><\/ul><p><strong>Module 12 &ndash; Parsing Phase and Data Preview<\/strong>\n<\/p>\n<ul>\n<li>Describe the default processing that occurs during parsing<\/li><li>Optimize and configure event line breaking<\/li><li>Modify how timestamps and time zones are extracted or assigned to events<\/li><li>Use Data Preview to validate event creation during the parsing phase<\/li><\/ul><p><strong>Module 13 &ndash; Manipulating Input Data<\/strong>\n<\/p>\n<ul>\n<li>Explore Splunk transformation methods<\/li><li>Mask, filter and route data with SEDCMD and TRANSFORMS<\/li><li>Override sourcetype or host based upon event values<\/li><li>Create and manage rulesets with Ingest Actions<\/li><li>Mask, filter and route data with Ingest Action rules<\/li><\/ul><p><strong>Module 14 &ndash; Managing Splunk Cloud<\/strong>\n<\/p>\n<ul>\n<li>Secure ingest with Splunk Cloud Private Connectivity with AWS<\/li><li>Describe Federated Search functionality<\/li><li>Describe Splunk connected experience apps such as Splunk Secure Gateway<\/li><li>Monitor and manage resource utilization by business units and users using Splunk App for Chargeback<\/li><li>Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service<\/li><\/ul><p><strong>Module 15 &ndash; Supporting Splunk Cloud<\/strong>\n<\/p>\n<ul>\n<li>Know how to isolate problems before contacting Splunk Cloud Support<\/li><li>Use Isolation Troubleshooting<\/li><li>Define the process for engaging Splunk Support<\/li><\/ul><p><strong>Appendix<\/strong>\n<\/p>\n<ul>\n<li>Explore Splunk security fundamentals<\/li><\/ul>","summary":"<p>This course is for administrators new to Splunk Cloud and those wanting to become more experienced in managing Splunk Cloud instances.<\/p>\n<p>The course provides administrators with the opportunity to gain the skills, knowledge and best practices for data management and system configuration for data collection and ingestion required in a Splunk Cloud environment to create a productive Splunk SaaS deployment. The hands-on labs provide the opportunity to learn and ask questions on how to manage and maintain the platform, the users and how to effectively get data into Splunk Cloud. Modules include data inputs and forwarder configuration, data management, user accounts, and basic monitoring and problem isolation.<\/p>\n<p>Note: Splunk Cloud Administration and Transitioning to Splunk Cloud SHOULD NOT be taken together as both are designed to develop Splunk Cloud-specific skills and as such there is some overlap.<\/p>\n<p><strong>Please note that this course may run over three days of 6 hour sessions or four days of 4.5 hour sessions.<\/strong><\/p>","essentials_plain":"To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:\n\n\n- Intro to Splunk\n- Using Fields (SUF)\n- Intro to Knowledge Objects\n- Creating Knowledge Objects (CKO)\n- Creating Field Extractions (CFE)\nAdditional courses and\/or knowledge in these areas are also highly recommended:\n\n\n\n- Enriching Data with Lookups (EDL)\n- Data Models (SDM)","audience_plain":"Splunk Cloud Administrators.","outline_plain":"Module 1 \u2013 Splunk Cloud Overview\n\n\n- Describe Splunk and Splunk Cloud features and topology\n- Identify Splunk Cloud administrator tasks\n- Describe Splunk Cloud purchasing options and differences between Classic and Victoria experience\n- Secure Splunk deployments best practices\n- Explain Splunk Cloud data ingestion strategies\nModule 2 - Managing Users\n\n\n\n- Identify Splunk Cloud authentication options\n- Add Splunk users using native authentication\n- Create a custom role\n- Integrate Splunk with LDAP, Active Directory or SAML\n- Use Workload Management to manage user resource usage\n- Manage users in Splunk\nModule 3 \u2013 Managing Indexes\n\n\n\n- Understand cloud indexing strategy\n- Define and create indexes\n- Manage data retention and archiving\n- Delete and mask data from an index\n- Monitor indexing activities\nModule 4 \u2013 Using Configuration Files\n\n\n\n- Describe Splunk configuration directory structure\n- Describe the configuration layering process with index and search time precedence\n- Use Splunk tools to examine configuration settings such as btool\nModule 5 \u2013 Managing Apps\n\n\n\n- Review the process for installing apps\n- Define the purpose of private apps\n- Upload private apps\n- Describe how apps are managed\nModule 6 \u2013 Configuring Forwarders\n\n\n\n- List Splunk forwarder types\n- Understand the role of forwarders\n- Configure a forwarder to send data to Splunk Cloud\n- Test the forwarder connection\n- Describe optional forwarder settings\nModule 7 \u2013 Managing Forwarders\n\n\n\n- Describe Splunk Deployment Server (DS)\n- Manage forwarders using deployment apps\n- Configure deployment clients and client groups\n- Monitor forwarder management activities\nModule 8 \u2013 Forwarder Inputs\n\n\n\n- Describe the Splunk process for inputting data\n- Create file and directory monitor inputs\n- Use optional settings for monitor inputs\n- Creating network inputs\nModule 9 \u2013 Common Inputs\n\n\n\n- Create REST API inputs\n- Create a basic scripted input\n- Identify Linux-specific inputs\n- Identify Windows-specific inputs\n- Create Splunk HTTP Event Collector (HEC) agentless inputs\nModule 10 \u2013 Additional Inputs\n\n\n\n- Understand how inputs are managed using apps or add-ons\n- Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub\nModule 11 \u2013 Fine-tuning Inputs\n\n\n\n- Describe the default processing that occurs during the input phase\n- Configure input phase options, such as source type fine-tuning and character set encoding\n- Reset file check pointers on a forwarder using the btprobe command\nModule 12 \u2013 Parsing Phase and Data Preview\n\n\n\n- Describe the default processing that occurs during parsing\n- Optimize and configure event line breaking\n- Modify how timestamps and time zones are extracted or assigned to events\n- Use Data Preview to validate event creation during the parsing phase\nModule 13 \u2013 Manipulating Input Data\n\n\n\n- Explore Splunk transformation methods\n- Mask, filter and route data with SEDCMD and TRANSFORMS\n- Override sourcetype or host based upon event values\n- Create and manage rulesets with Ingest Actions\n- Mask, filter and route data with Ingest Action rules\nModule 14 \u2013 Managing Splunk Cloud\n\n\n\n- Secure ingest with Splunk Cloud Private Connectivity with AWS\n- Describe Federated Search functionality\n- Describe Splunk connected experience apps such as Splunk Secure Gateway\n- Monitor and manage resource utilization by business units and users using Splunk App for Chargeback\n- Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service\nModule 15 \u2013 Supporting Splunk Cloud\n\n\n\n- Know how to isolate problems before contacting Splunk Cloud Support\n- Use Isolation Troubleshooting\n- Define the process for engaging Splunk Support\nAppendix\n\n\n\n- Explore Splunk security fundamentals","summary_plain":"This course is for administrators new to Splunk Cloud and those wanting to become more experienced in managing Splunk Cloud instances.\n\nThe course provides administrators with the opportunity to gain the skills, knowledge and best practices for data management and system configuration for data collection and ingestion required in a Splunk Cloud environment to create a productive Splunk SaaS deployment. The hands-on labs provide the opportunity to learn and ask questions on how to manage and maintain the platform, the users and how to effectively get data into Splunk Cloud. Modules include data inputs and forwarder configuration, data management, user accounts, and basic monitoring and problem isolation.\n\nNote: Splunk Cloud Administration and Transitioning to Splunk Cloud SHOULD NOT be taken together as both are designed to develop Splunk Cloud-specific skills and as such there is some overlap.\n\nPlease note that this course may run over three days of 6 hour sessions or four days of 4.5 hour sessions.","skill_level":"Intermediate","version":"9.4","duration":{"unit":"d","value":2.5,"formatted":"2.5 days"},"pricelist":{"List Price":{"US":{"country":"US","currency":"USD","taxrate":null,"price":2000},"GB":{"country":"GB","currency":"GBP","taxrate":20,"price":1670},"PL":{"country":"PL","currency":"USD","taxrate":23,"price":2000},"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":2250},"AT":{"country":"AT","currency":"EUR","taxrate":20,"price":2250},"SE":{"country":"SE","currency":"EUR","taxrate":25,"price":2250},"CA":{"country":"CA","currency":"CAD","taxrate":null,"price":2760},"FR":{"country":"FR","currency":"EUR","taxrate":19.6,"price":2000},"CH":{"country":"CH","currency":"CHF","taxrate":8.1,"price":2500},"NL":{"country":"NL","currency":"EUR","taxrate":21,"price":2250}}},"lastchanged":"2026-01-12T11:20:09+01:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/en\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/en\/json-course-schedule\/25907","source_lang":"en","source":"https:\/\/portal.flane.ch\/swisscom\/en\/json-course\/splunk-sca"}}