We are happy to advise you!
1­-855­-778­-7246    Contact

Transitioning to Splunk Cloud (TSC)


Course Content

This 9-hour virtual course highlights key differences between Splunk Enterprise deployed on-premises and Splunk Enterprise Cloud to allow Splunk Administrators to transition to Splunk Cloud.

This course provides the skills and knowledge for experienced on-prem administrators to migrate the collection and data ingest as well as manage their Splunk Cloud environment and maintain a productive Splunk SaaS deployment.


To be successful, students should have a solid understanding of the following:

  • System Administration
  • Data Administration

Course Objectives

  • Splunk Cloud Overview
  • User Authentication and Authorization
  • Index Management and Data Retention
  • Cloud Ingestion – Using Splunk Forwarders
  • Cloud Ingestion – Use API, HEC and Scripted Inputs
  • Cloud Ingestion – Using Apps and IDM Inputs
  • Installing and Managing Apps
  • GDI Performance Considerations
  • Problem isolation and working with Splunk Cloud support

Outline: Transitioning to Splunk Cloud (TSC)

Module 1 – Splunk Cloud Overview

  • Describe Cloud SaaS benefits and features
  • Identify Splunk Cloud administrator managed tasks
  • Explain the differences between Splunk Enterprise on premise and Splunk Enterprise Cloud

Module 2 – User Authentication and Authorization

  • Identify Splunk Cloud authentication options
  • Add Splunk users using native authentication
  • Integrate Splunk with LDAP, Active Directory or SAML
  • Understanding Splunk authorization options

Module 3 – Index Management and Data Retention

  • Understand cloud indexing strategy
  • Create indexes in cloud
  • Manage data retention and archiving
  • Monitor indexing activities

Module 4 – Cloud Ingestion – Using Splunk Forwarders

  • Review cloud ingestion strategies
  • Understand the role of forwarders in GDI
  • Configure forwarding to Splunk Cloud
  • Monitoring forwarder connectivity
  • Explore optional forwarder settings

Module 5 – Cloud Ingestion – Using API, Scripted and HEC Inputs

  • Understand how data is ingested using API
  • Describe how to use HEC for ingestion
  • Know how to deploy scripted inputs

Module 6 – Cloud Ingestion – Application Based Inputs

  • Understand how inputs are managed using in apps or add-ons
  • Describe how customers may use Splunk Stream app
  • Deploy Cloud inputs for use on an IDM

Module 7 – Installing and Managing Apps

  • Understand how apps and add-ons are vetted and installed in Cloud
  • Create apps to managing and distribute configurations

Module 8 – GDI Performance Considerations

  • Understand how event parsing and processing may impact performance
  • Use Data Preview to validate and address event creation issues
  • Explain how data transformations are defined and invoked

Module 9 – Splunk Cloud Support and Troubleshooting

  • Troubleshooting Splunk deployments
  • Collecting data and use diagnostics or monitoring to investigate
  • Overview of how to collect the relevant data for support to troubleshoot


  • Explore diagnostic tools and isolation troubleshooting used to investigate and solve issues
Online Training

Duration 9 hours

  • CAD 1,270
Classroom Training

Duration 9 hours

  • Canada: CAD 1,270

Currently there are no training dates scheduled for this course.