Splunk Cloud Administration

Splunk Cloud AdministrationSCASPSplunkSP-SCA9.4To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: <ul> <li>Intro to Splunk</li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-suf"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Using Fields (SUF)</a></li><li>Intro to Knowledge Objects</li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-cko"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Creating Knowledge Objects (CKO)</a></li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-cfe"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Creating Field Extractions (CFE)</a></li></ul>Additional courses and/or knowledge in these areas are also highly recommended: <ul> <li><a class="fl-href-prod" href="/swisscom/en/course/splunk-edl"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Enriching Data with Lookups (EDL)</a></li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-sdm"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Data Models (SDM)</a></li></ul>Splunk Cloud Administrators.Module 1 – Splunk Cloud Overview <ul> <li>Describe Splunk and Splunk Cloud features and topology</li><li>Identify Splunk Cloud administrator tasks</li><li>Describe Splunk Cloud purchasing options and differences between Classic and Victoria experience</li><li>Secure Splunk deployments best practices</li><li>Explain Splunk Cloud data ingestion strategies</li></ul>Module 2 - Managing Users <ul> <li>Identify Splunk Cloud authentication options</li><li>Add Splunk users using native authentication</li><li>Create a custom role</li><li>Integrate Splunk with LDAP, Active Directory or SAML</li><li>Use Workload Management to manage user resource usage</li><li>Manage users in Splunk</li></ul>Module 3 – Managing Indexes <ul> <li>Understand cloud indexing strategy</li><li>Define and create indexes</li><li>Manage data retention and archiving</li><li>Delete and mask data from an index</li><li>Monitor indexing activities</li></ul>Module 4 – Using Configuration Files <ul> <li>Describe Splunk configuration directory structure</li><li>Describe the configuration layering process with index and search time precedence</li><li>Use Splunk tools to examine configuration settings such as btool</li></ul>Module 5 – Managing Apps <ul> <li>Review the process for installing apps</li><li>Define the purpose of private apps</li><li>Upload private apps</li><li>Describe how apps are managed</li></ul>Module 6 – Configuring Forwarders <ul> <li>List Splunk forwarder types</li><li>Understand the role of forwarders</li><li>Configure a forwarder to send data to Splunk Cloud</li><li>Test the forwarder connection</li><li>Describe optional forwarder settings</li></ul>Module 7 – Managing Forwarders <ul> <li>Describe Splunk Deployment Server (DS)</li><li>Manage forwarders using deployment apps</li><li>Configure deployment clients and client groups</li><li>Monitor forwarder management activities</li></ul>Module 8 – Forwarder Inputs <ul> <li>Describe the Splunk process for inputting data</li><li>Create file and directory monitor inputs</li><li>Use optional settings for monitor inputs</li><li>Creating network inputs</li></ul>Module 9 – Common Inputs <ul> <li>Create REST API inputs</li><li>Create a basic scripted input</li><li>Identify Linux-specific inputs</li><li>Identify Windows-specific inputs</li><li>Create Splunk HTTP Event Collector (HEC) agentless inputs</li></ul>Module 10 – Additional Inputs <ul> <li>Understand how inputs are managed using apps or add-ons</li><li>Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub</li></ul>Module 11 – Fine-tuning Inputs <ul> <li>Describe the default processing that occurs during the input phase</li><li>Configure input phase options, such as source type fine-tuning and character set encoding</li><li>Reset file check pointers on a forwarder using the btprobe command</li></ul>Module 12 – Parsing Phase and Data Preview <ul> <li>Describe the default processing that occurs during parsing</li><li>Optimize and configure event line breaking</li><li>Modify how timestamps and time zones are extracted or assigned to events</li><li>Use Data Preview to validate event creation during the parsing phase</li></ul>Module 13 – Manipulating Input Data <ul> <li>Explore Splunk transformation methods</li><li>Mask, filter and route data with SEDCMD and TRANSFORMS</li><li>Override sourcetype or host based upon event values</li><li>Create and manage rulesets with Ingest Actions</li><li>Mask, filter and route data with Ingest Action rules</li></ul>Module 14 – Managing Splunk Cloud <ul> <li>Secure ingest with Splunk Cloud Private Connectivity with AWS</li><li>Describe Federated Search functionality</li><li>Describe Splunk connected experience apps such as Splunk Secure Gateway</li><li>Monitor and manage resource utilization by business units and users using Splunk App for Chargeback</li><li>Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service</li></ul>Module 15 – Supporting Splunk Cloud <ul> <li>Know how to isolate problems before contacting Splunk Cloud Support</li><li>Use Isolation Troubleshooting</li><li>Define the process for engaging Splunk Support</li></ul>Appendix <ul> <li>Explore Splunk security fundamentals</li></ul>To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: - Intro to Splunk - Using Fields (SUF) - Intro to Knowledge Objects - Creating Knowledge Objects (CKO) - Creating Field Extractions (CFE) Additional courses and/or knowledge in these areas are also highly recommended: - Enriching Data with Lookups (EDL) - Data Models (SDM)Splunk Cloud Administrators.Module 1 – Splunk Cloud Overview - Describe Splunk and Splunk Cloud features and topology - Identify Splunk Cloud administrator tasks - Describe Splunk Cloud purchasing options and differences between Classic and Victoria experience - Secure Splunk deployments best practices - Explain Splunk Cloud data ingestion strategies Module 2 - Managing Users - Identify Splunk Cloud authentication options - Add Splunk users using native authentication - Create a custom role - Integrate Splunk with LDAP, Active Directory or SAML - Use Workload Management to manage user resource usage - Manage users in Splunk Module 3 – Managing Indexes - Understand cloud indexing strategy - Define and create indexes - Manage data retention and archiving - Delete and mask data from an index - Monitor indexing activities Module 4 – Using Configuration Files - Describe Splunk configuration directory structure - Describe the configuration layering process with index and search time precedence - Use Splunk tools to examine configuration settings such as btool Module 5 – Managing Apps - Review the process for installing apps - Define the purpose of private apps - Upload private apps - Describe how apps are managed Module 6 – Configuring Forwarders - List Splunk forwarder types - Understand the role of forwarders - Configure a forwarder to send data to Splunk Cloud - Test the forwarder connection - Describe optional forwarder settings Module 7 – Managing Forwarders - Describe Splunk Deployment Server (DS) - Manage forwarders using deployment apps - Configure deployment clients and client groups - Monitor forwarder management activities Module 8 – Forwarder Inputs - Describe the Splunk process for inputting data - Create file and directory monitor inputs - Use optional settings for monitor inputs - Creating network inputs Module 9 – Common Inputs - Create REST API inputs - Create a basic scripted input - Identify Linux-specific inputs - Identify Windows-specific inputs - Create Splunk HTTP Event Collector (HEC) agentless inputs Module 10 – Additional Inputs - Understand how inputs are managed using apps or add-ons - Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub Module 11 – Fine-tuning Inputs - Describe the default processing that occurs during the input phase - Configure input phase options, such as source type fine-tuning and character set encoding - Reset file check pointers on a forwarder using the btprobe command Module 12 – Parsing Phase and Data Preview - Describe the default processing that occurs during parsing - Optimize and configure event line breaking - Modify how timestamps and time zones are extracted or assigned to events - Use Data Preview to validate event creation during the parsing phase Module 13 – Manipulating Input Data - Explore Splunk transformation methods - Mask, filter and route data with SEDCMD and TRANSFORMS - Override sourcetype or host based upon event values - Create and manage rulesets with Ingest Actions - Mask, filter and route data with Ingest Action rules Module 14 – Managing Splunk Cloud - Secure ingest with Splunk Cloud Private Connectivity with AWS - Describe Federated Search functionality - Describe Splunk connected experience apps such as Splunk Secure Gateway - Monitor and manage resource utilization by business units and users using Splunk App for Chargeback - Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service Module 15 – Supporting Splunk Cloud - Know how to isolate problems before contacting Splunk Cloud Support - Use Isolation Troubleshooting - Define the process for engaging Splunk Support Appendix - Explore Splunk security fundamentals2.5 days2000.001670.002000.002250.002250.002250.002760.002000.002500.002250.00200.00200.00200.00200.00200.00225.00225.00225.00225.00