Splunk On-Call Administration

Splunk On-Call Administration

Upcoming Classes

Online

Instructor-led online training

Location Jul 2021 Aug 2021 Sep 2021 Oct 2021 Nov 2021 Dec 2021 Jan 2022
AMER Eastern Time - Virtual Aug 6
Oct 6
AMER Pacific Time - Virtual Sep 1

Summary

This course is targeted towards Splunk On-call admins responsible for setting up incident response with Splunk On-Call. This 1-virtual day course describes the tasks required to set up on-call teams, including defining schedules, on-call rotations and shifts. Learn to set-up and configure alerts and integrations. Create post-incident review reports, track response metrics and customize reports. Use advanced features such as the Rules engine for advanced customization and configure webhook integrations. All concepts are taught using lectures and scenario-based hands-on activities.

Description

  • Set up Splunk On-Call teams
  • Set up integrations and configure alerts
  • Report on team activity and performance
  • Use the Rules engine to trigger custom alerts
  • Set up webhook integrations

Duration

4.5 hours

Objectives

Module 1: Introduction and Planning

  • Identify features desirable in an incident response system
  • Create a plan for incident response
  • Describe the flow of a typical incident in Splunk On-Call
  • Describe the general layout of the UI / functionality
  • Explain the Splunk on-call concepts including:
    • Escalation Policies, Incidents, and Actions
  • Create new users
  • Create users paging (notification) policies
  • Plan on-call schedules

Module 2: Users, Teams, Rotations and Escalation Policies

  • Describe the Splunk On-Call setup flow
  • Differentiate between Splunk On-Call user roles
  • Create teams and add users using both the UI and API
  • Add and remove team managers
  • Create on-call schedules including shifts, rotations and members
  • Build Escalation Policies for incoming incidents

Module 3: Configuring Integrations and Alerts

  • Describe the purpose of a routing key
  • Explain the importance of naming conventions in creating routing keys and escalation policies
  • Create a routing key
  • Select appropriate external Monitoring System integrations
  • Configure 3 Splunk On-Call integrations

Module 4: Reporting on Team Activity and Performance

  • Differentiate between the types of reports
  • Create a post-incident review report
  • Track responses metrics
  • Customize on-call Review report
  • Track flow of incidents after the fact using the Incident
  • Frequency report (Enterprise edition only)

Module 5: Advanced Features

  • Use the Alert Rules Engine to add annotations to an incident
  • Use the Alert Rules Engine to transform an alert
  • Re-route or mute incidents based on content
  • Create outgoing Webhooks to extend product functionality
  • Use the public API portal to find details on the public API
  • Explain what data in Splunk On-Call can be maintained with Terraform

 

 

Prerequisites

None

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Eastern Time - Virtual

  • Confirmed
    9:00 AM - 1:30 PM EDT
    $ 500.00 USD
  • Confirmed
    9:00 AM - 1:30 PM EDT
    $ 500.00 USD

AMER Pacific Time - Virtual

  • Confirmed
    9:00 AM - 1:30 PM PDT
    $ 500.00 USD

Don't see a date that works for you?

Request Class