trainocate-splunk-training-b
Home > Vendors > splunk > splk-admoncall

SPLK-ADMONCALL - Splunk On-Call Administration

Overview

Duration: 5.0 hours

This course is targeted towards Splunk On-call admins responsible for setting up incident response with Splunk On-Call. This 1-virtual day course describes the tasks required to set up on-call teams, including defining schedules, on-call rotations and shifts. Learn to set-up and configure alerts and integrations. Create post-incident review reports, track response metrics and customize reports. Use advanced features such as the Rules engine for advanced customization and configure webhook integrations. All concepts are taught using lectures and scenario-based hands-on activities.

Objectives

Please refer to course overview.

Audience

Content

Module 1: Introduction and Planning

  • Identify features desirable in an incident response system
  • Create a plan for incident response
  • Describe the flow of a typical incident in Splunk On-Call
  • Describe the general layout of the UI / functionality
  • Explain the Splunk on-call concepts including:
    • Escalation Policies, Incidents, and Actions
  • Create new users
  • Create users paging (notification) policies
  • Plan on-call schedules

Module 2: Users, Teams, Rotations and Escalation Policies

  • Describe the Splunk On-Call setup flow
  • Differentiate between Splunk On-Call user roles
  • Create teams and add users using both the UI and API
  • Add and remove team managers
  • Create on-call schedules including shifts, rotations and members
  • Build Escalation Policies for incoming incidents

Module 3: Configuring Integrations and Alerts

  • Describe the purpose of a routing key
  • Explain the importance of naming conventions in creating routing keys and escalation policies
  • Create a routing key
  • Select appropriate external Monitoring System integrations
  • Configure 3 Splunk On-Call integrations

Module 4: Reporting on Team Activity and Performance

  • Differentiate between the types of reports
  • Create a post-incident review report
  • Track responses metrics
  • Customize on-call Review report
  • Track flow of incidents after the fact using the Incident
  • Frequency report (Enterprise edition only)

Module 5: Advanced Features

  • Use the Alert Rules Engine to add annotations to an incident
  • Use the Alert Rules Engine to transform an alert
  • Re-route or mute incidents based on content
  • Create outgoing Webhooks to extend product functionality
  • Use the public API portal to find details on the public API
  • Explain what data in Splunk On-Call can be maintained with Terraform

Prerequisites

-

Certification

Schedule




Enquire Now
 
 
 
 
By clicking "Submit", I agree to the Terms Of Use and Privacy Policy