Module 1 – Splunk Cloud Overview

• Describe Splunk Cloud features and topology
• Identify Splunk Cloud administrator managed tasks
• List the primary Splunk Enterprise on-prem and Splunk Cloud administrator tasks
• Explain Splunk Cloud data ingestion strategies

Module 2 – Managing Users

• Identify Splunk Cloud authentication options
• Add Splunk users using native authentication
• Integrate Splunk with LDAP, Active Directory, or SAML
• Create a custom role
• Manage users in Splunk
• Use Workload Management to manage user resource usage

Module 3 – Managing Indexes

• Understand cloud indexing strategy
• Define and create indexes
• Manage data retention and archiving
• Delete and mask data from an index
• Monitor indexing activities

Module 4 – Using Configuration Files

• Describe Splunk configuration directory structure
• Describe the configuration layering process with index and search time precedence
• Use Splunk tools to examine configuration settings such as btool

Module 5 – Configuring Forwarders

• List Splunk forwarder types
• Understand the role of forwarders
• Configure a forwarder to send data to Splunk Cloud
• Test the forwarder connection
• Describe optional forwarder settings

Module 6 – Managing Forwarders

• Describe Splunk Deployment Server (DS)
• Manage forwarders using deployment apps
• Configure deployment clients and client groups
• Monitor forwarder management activities

Module 7 – Forwarder Inputs

• Describe the Splunk process for inputting data
• Creating network inputs
• Create file and directory monitor inputs
• Use optional settings for monitor inputs

Module 8 – API, Scripted and HEC Inputs

• Create REST API inputs
• Create a basic scripted input
• Identify Linux-specific inputs
• Identify Windows-specific inputs
• Create Splunk HTTP Event Collector (HEC) agentless inputs

Module 9 – Application-Based Inputs

• Understand how inputs are managed using apps or add-ons
• Explore Cloud inputs using Splunk Connect for Syslog, Data Manager, Inputs Data Manager (IDM), Splunk Edge Processor, and Splunk Edge Hub

Module 10 – Fine-tuning Inputs

• Describe the default processing that occurs during the input phase
• Configure input phase options, such as source type fine-tuning and character set encoding
• Reset file check pointers on a forwarder using the btprobe command

Module 11 – Parsing Phase and Data Preview

• Describe the default processing that occurs during parsing
• Optimize and configure event line breaking
• Modify how timestamps and time zones are extracted or assigned to events
• Use Data Preview to validate event creation during the parsing phase

Module 12 – Manipulating Raw Data

• Explore Splunk transformation methods
• Mask data with SEDCMD and TRANSFORMS
• Override sourcetype or host based upon event values
• Create rulesets with Ingest Actions
• Mask data with Ingest Action rules

Module 13 – Installing and Managing Apps

• Review the process for installing apps
• Define the purpose of private apps
• Upload private apps
• Describe how apps are managed

Module 14 – Managing Splunk Cloud

• Describe Splunk connected experience apps such as Splunk Secure Gateway
• Monitor and manage resource utilization by business units and users using Splunk App for Chargeback
• Perform self-service administrative tasks in Splunk Cloud using the Admin Config Service

Module 15 – Supporting Splunk Cloud

• Know how to isolate problems before contacting Splunk Cloud Support
• Use Isolation Troubleshooting
• Define the process for engaging Splunk Support
• Improve Mean Time to Resolution (MTTR) by using clear communication, diagnostic tools, monitoring, and the CMC

Appendix

• Explore Splunk security fundamentals

Splunk Cloud Administration Course Prerequisites:

To be successful in the Splunk Cloud Administration course, students should have a working knowledge of the topics covered in the following prerequisite courses:

• What is Splunk?
• Intro to Splunk
• Using Fields
• Introduction to Knowledge Objects
• Creating Knowledge Objects
• Creating Field Extractions