Transitioning to Splunk Cloud

Transitioning to Splunk CloudTSCSPSplunkSP-TSC9.4To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: <ul> <li>Intro to Splunk</li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-suf"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Using Fields (SUF)</a></li><li>Intro to Knowledge Objects</li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-cko"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Creating Knowledge Objects (CKO)</a></li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-cfe"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Creating Field Extractions (CFE)</a></li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-sesa"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Splunk Enterprise System Administration (SESA)</a></li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-seda"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Splunk Enterprise Data Administration (SEDA)</a></li></ul>Additional courses and/or knowledge in these areas are also highly recommended: <ul> <li><a class="fl-href-prod" href="/swisscom/en/course/splunk-edl"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Enriching Data with Lookups (EDL)</a></li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-sdm"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Data Models (SDM)</a></li></ul>Splunk Enterprise AdministratorsThis course is for experienced on-prem administrators and anyone needing to ramp-up on Splunk Cloud to get more knowledge and experience of managing Splunk Cloud instances. The course discusses the differentiators between on-prem Splunk and the different Splunk Cloud offerings. Modules include topics on how to migrate data collection and ingest from on-prem Splunk to Splunk Cloud as well as highlighting Splunk Cloud specific differences and best practices to manage a productive Splunk SaaS deployment. For Splunk Administrators who have undertaken the System and Data Administration learning pathways, this course highlights key differences between Splunk Enterprise deployed on-premises and Splunk Enterprise Cloud to allow them to ramp up their data and system management skills to transition to Splunk Cloud. The hands-on lab provides access to and experience of managing a Splunk Cloud instance. Note: Splunk Cloud Administration and Transitioning to Splunk Cloud SHOULD NOT be taken together as both are designed to develop Splunk Cloud-specific skills and as such there is some overlap. Please note that this course may run over two days, with 4.5 hour sessions each day.Module 1 – Splunk Cloud Overview <ul> <li>Describe Splunk and Splunk Cloud features and topology</li><li>Identify Splunk Cloud administrator tasks</li><li>Describe Splunk Cloud purchasing options and differences between Classic and Victoria experience</li><li>Secure Splunk deployments best practices</li><li>Explain Splunk Cloud data ingestion strategies</li></ul>Module 2 – Splunk Cloud Migration <ul> <li>Understand the Splunk Cloud migration journey</li><li>Determine Splunk Cloud migration readiness</li><li>Identify Splunk Cloud migration preparation tasks, strategies, and possible challenges</li></ul>Module 3 – Managing Users <ul> <li>Identify Splunk Cloud authentication options</li><li>Add Splunk users using native authentication</li><li>Create a custom role</li><li>Integrate Splunk with LDAP, Active Directory or SAML</li><li>Use Workload Management to manage user resource usage</li><li>Manage users in Splunk</li></ul>Module 4 – Managing Indexes <ul> <li>Understand cloud indexing strategy</li><li>Define and create indexes</li><li>Manage data retention and archiving</li><li>Delete and mask data from an index</li><li>Monitor indexing activities</li></ul>Module 5 – Managing Apps <ul> <li>Review the process for installing apps</li><li>Define the purpose of private apps</li><li>Upload private apps</li><li>Describe how apps are managed</li></ul>Module 6 – Configuring Forwarders <ul> <li>List Splunk forwarder types</li><li>Understand the role of forwarders</li><li>Configure a forwarder to send data to Splunk Cloud</li><li>Test the forwarder connection</li><li>Describe optional forwarder settings</li></ul>Module 7 – Common Inputs <ul> <li>Describe forwarder inputs such as files and directories</li><li>Create REST API inputs</li><li>Create a basic scripted input</li><li>Create Splunk HTTP Event Collector (HEC) agentless inputs</li></ul>Module 8 – Additional Inputs <ul> <li>Understand how inputs are managed using apps or add-ons</li><li>Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub</li></ul>Module 9 – Using Ingest Actions <ul> <li>Explore Splunk transformation methods</li><li>Create and manage rulesets with Ingest Actions</li><li>Mask, filter and route data with Ingest Action rules</li></ul>Module 10 – Managing Splunk Cloud <ul> <li>Secure ingest with Splunk Cloud Private Connectivity with AWS</li><li>Describe Federated Search functionality</li><li>Describe Splunk connected experience apps such as Splunk Secure Gateway</li><li>Monitor and manage resource utilization by business units and users using Splunk App for Chargeback</li><li>Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service</li></ul>Module 11 – Supporting Splunk Cloud <ul> <li>Know how to isolate problems before contacting Splunk Cloud Support</li><li>Use Isolation Troubleshooting</li><li>Define the process for engaging Splunk Support</li></ul>Appendix <ul> <li>Explore Splunk security fundamentals</li></ul>To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: - Intro to Splunk - Using Fields (SUF) - Intro to Knowledge Objects - Creating Knowledge Objects (CKO) - Creating Field Extractions (CFE) - Splunk Enterprise System Administration (SESA) - Splunk Enterprise Data Administration (SEDA) Additional courses and/or knowledge in these areas are also highly recommended: - Enriching Data with Lookups (EDL) - Data Models (SDM)Splunk Enterprise AdministratorsThis course is for experienced on-prem administrators and anyone needing to ramp-up on Splunk Cloud to get more knowledge and experience of managing Splunk Cloud instances. The course discusses the differentiators between on-prem Splunk and the different Splunk Cloud offerings. Modules include topics on how to migrate data collection and ingest from on-prem Splunk to Splunk Cloud as well as highlighting Splunk Cloud specific differences and best practices to manage a productive Splunk SaaS deployment. For Splunk Administrators who have undertaken the System and Data Administration learning pathways, this course highlights key differences between Splunk Enterprise deployed on-premises and Splunk Enterprise Cloud to allow them to ramp up their data and system management skills to transition to Splunk Cloud. The hands-on lab provides access to and experience of managing a Splunk Cloud instance. Note: Splunk Cloud Administration and Transitioning to Splunk Cloud SHOULD NOT be taken together as both are designed to develop Splunk Cloud-specific skills and as such there is some overlap. Please note that this course may run over two days, with 4.5 hour sessions each day.Module 1 – Splunk Cloud Overview - Describe Splunk and Splunk Cloud features and topology - Identify Splunk Cloud administrator tasks - Describe Splunk Cloud purchasing options and differences between Classic and Victoria experience - Secure Splunk deployments best practices - Explain Splunk Cloud data ingestion strategies Module 2 – Splunk Cloud Migration - Understand the Splunk Cloud migration journey - Determine Splunk Cloud migration readiness - Identify Splunk Cloud migration preparation tasks, strategies, and possible challenges Module 3 – Managing Users - Identify Splunk Cloud authentication options - Add Splunk users using native authentication - Create a custom role - Integrate Splunk with LDAP, Active Directory or SAML - Use Workload Management to manage user resource usage - Manage users in Splunk Module 4 – Managing Indexes - Understand cloud indexing strategy - Define and create indexes - Manage data retention and archiving - Delete and mask data from an index - Monitor indexing activities Module 5 – Managing Apps - Review the process for installing apps - Define the purpose of private apps - Upload private apps - Describe how apps are managed Module 6 – Configuring Forwarders - List Splunk forwarder types - Understand the role of forwarders - Configure a forwarder to send data to Splunk Cloud - Test the forwarder connection - Describe optional forwarder settings Module 7 – Common Inputs - Describe forwarder inputs such as files and directories - Create REST API inputs - Create a basic scripted input - Create Splunk HTTP Event Collector (HEC) agentless inputs Module 8 – Additional Inputs - Understand how inputs are managed using apps or add-ons - Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub Module 9 – Using Ingest Actions - Explore Splunk transformation methods - Create and manage rulesets with Ingest Actions - Mask, filter and route data with Ingest Action rules Module 10 – Managing Splunk Cloud - Secure ingest with Splunk Cloud Private Connectivity with AWS - Describe Federated Search functionality - Describe Splunk connected experience apps such as Splunk Secure Gateway - Monitor and manage resource utilization by business units and users using Splunk App for Chargeback - Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service Module 11 – Supporting Splunk Cloud - Know how to isolate problems before contacting Splunk Cloud Support - Use Isolation Troubleshooting - Define the process for engaging Splunk Support Appendix - Explore Splunk security fundamentals9 hours1000.00835.001000.001000.001380.001100.001000.00100.00100.00100.00100.00100.00100.00100.00100.00100.00