Module 1: Introduction and Planning
- Identify features desirable in an incident response system
- Create a plan for incident response
- Describe the flow of a typical incident in Splunk On-Call
- Describe the general layout of the UI / functionality
- Explain the Splunk On-Call concepts, including Escalation Policies, Incidents, and Actions
- Create new users
- Create user paging (notification) policies
- Plan on-call schedules
Module 2: Users, Teams, Rotations and Escalation Policies
- Describe the Splunk On-Call setup flow
- Differentiate between Splunk On-Call user roles
- Create teams and add users using both the UI and API
- Add and remove team managers
- Create on-call schedules including shifts, rotations and members
- Build Escalation Policies for incoming incidents
Module 3: Configuring Integrations and Alerts
- Describe the purpose of a routing key
- Explain the importance of naming conventions in creating routing keys and escalation policies
- Create a routing key
- Select appropriate external Monitoring System integrations
- Configure 3 Splunk On-Call integrations
Module 4: Reporting on Team Activity and Performance
- Differentiate between the types of reports
- Create a post-incident review report
- Track response metrics
- Customize the On-Call Review report
- Track flow of incidents after the fact using the Incident Frequency report (Enterprise edition only)
Module 5: Advanced Features
- Use the Alert Rules Engine to add annotations to an incident
- Use the Alert Rules Engine to transform an alert
- Re-route or mute incidents based on content
- Create outgoing Webhooks to extend product functionality
- Use the public API portal to find details on the public API
- Explain what data in Splunk On-Call can be maintained with Terraform