Transitioning to Splunk Cloud

Splunk Training Authorised Partner Ingeniq

The Transitioning to Splunk Cloud  is a 2 day (9 hours) virtual course highlights key differences between Splunk Enterprise deployed on-premise and Splunk Enterprise Cloud to allow Splunk Administrators to transition to Splunk Cloud.

The course provides the skills and knowledge for Splunk Cloud administrators to collect and ingest data as well as manage their cloud environment and maintain a productive Splunk SaaS deployment. 

Units : 2
Duration : 9 hours over 2 days
Time : 9:00 am – 1:30 pm AEST (GMT +10)

*Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.

Transitioning to Splunk Cloud

The instructor was very responsive to questions and queries both private and Communal.. Final module collaborative lab walkthrough on screen was particularly helpful.

Participant, Splunk Fundamentals 2

Transitioning to Splunk Cloud
Transitioning to Splunk Cloud - Course Topics
  • Splunk Cloud SaaS

  • User Authentication and Authorisation

  • Index Management and Data Retention

  • Cloud Ingestion – Using Splunk Forwarders

  • Cloud Ingestion – Use API, HEC and Scripted Inputs

  • Cloud Ingestion – Using Apps and IDM Inputs

  • Installing and Managing Apps

  • Refine and Manipulate Inputs § Working with Cloud Support 

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site

Course Prerequisites
Related Certifications
Transitioning to Splunk Cloud - Audience

Splunk Partners having a Professional Services Practice.

After completing Transitioning to Splunk Cloud course you will be able to
  • Advantages of using Splunk Cloud

  • Learn the differences between managing Splunk Enterprise and Cloud

  • How to manage data and inputs in Splunk Cloud

  • How to manage Apps and Configs in Splunk Cloud

Transitioning to Splunk Cloud
Transitioning to Splunk Cloud - Course Objectives

Module 1 – Splunk Cloud SaaS

  • Describe Cloud SaaS benefits and features

  • Identify Splunk Cloud administrator managed tasks

  • Explain the differences between Splunk Enterprise on premise and Splunk Enterprise Cloud


Module 2 – User Authentication and Authorisation

  • Identify Splunk Cloud authentication options

  • Add Splunk users using native authentication

  • Integrate Splunk with LDAP, Active Directory or SAML

  • Understanding Splunk authorization options


Module 3 – Index Management and Data Retention

  • Understand cloud indexing strategy

  • Create indexes in cloud

  • Manage data retention and archiving

  • Monitor indexing activities


Module 4 – Cloud Ingestion – Using forwarders

  • Review cloud ingestion strategies

  • Understand the role of forwarders in GDI

  • Configure forwarding to Splunk Cloud

  • Monitoring forwarder connectivity

  • Explore optional forwarder settings


Module 5 – Cloud Ingestion – Using API, HEC and Scripted Inputs

  • Understand how data is ingested using API

  • Describe how to use HEC for ingestion

  • Know how to deploy scripted inputs

Module 6 – Cloud Ingestion – Using Apps and IDM Inputs

  • Understand how inputs are managed using in apps or add-ons

  • Describe how customers may use Splunk Stream app

  • Deploy Cloud inputs for use on an IDM


Module 7 – Installing and Managing Apps

  • Understand how apps and add-ons are vetted and installed in Cloud

  • Create apps to managing and distribute configurations


Module 8 – Refine and Manipulate Inputs

  • Create and define props and transforms using the UI

  • Understand how to create, modify and deploy configs in Cloud

  • Masking data and removing data prior to ingestion

  • Dirty data and performance gains


Module 9 – Cloud Support and Troubleshooting

  • Troubleshooting Splunk deployments

  • Collecting data and use diagnostics or monitoring to investigate

  • Explore diagnostic tools used to troubleshoot common issues

  • Overview of how to submit request with the relevant data for support to troubleshoot

Splunk Course Schedules and Timezones

Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

AM Marked Splunk Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses start at AET  2:00pm and finish at AET 6:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;

  • UTC+9 including Japan, Korea

  • UTC+8 including Australia (West Coast), Singapore, Hong Kong, China, Philippines, Brunei, Thailand

  • UTC +5/+6 including India and Sri Lanka

Transitioning to Splunk Cloud - Upcoming Courses