Splunk On-Call Administration (SOCA)

 

Content

This 4.5-hour virtual module describes the tasks required to set up on-call teams, including defining schedules, on-call rotations and shifts. Learn to set up and configure alerts and integrations. Create post-incident review reports, track response metrics and customize reports. Use advanced features such as the Rules engine for advanced customization and configure webhook integrations. All concepts are taught using lectures and scenario-based hands-on activities.

Who should attend

This module is targeted towards Splunk On-Call admins responsible for setting up incident response with Splunk On-Call.

Prerequisites

None.

Objectives

  • Set up Splunk On-Call teams
  • Set up integrations and configure alerts
  • Report on team activity and performance
  • Use the Rules engine to trigger custom alerts
  • Set up webhook integrations

Outline: Splunk On-Call Administration (SOCA)

Topic 1 – Introduction and Planning

  • Create a plan for incident response
  • Describe the flow of a typical incident in Splunk On-Call
  • Explain the Splunk On-Call concepts including Escalation Policies, Incidents, and Actions
  • Create new users
  • Create user paging (notification) policies
  • Plan on-call schedules

Topic 2 – Users, Teams, Rotations and Escalation Policies

  • Describe the Splunk On-Call setup flow
  • Differentiate between Splunk On-Call user roles
  • Create teams and add users using both the UI and API
  • Add and remove team managers
  • Create on-call schedules including shifts, rotations, and members
  • Build Escalation Policies for incoming incidents

Topic 3 – Configuring Integrations and Alerts

  • Describe the purpose of a routing key
  • Create a routing key using best practices
  • Configure Splunk On-Call integrations

Topic 4 – Reporting on Team Activity and Performance

  • Differentiate between the types of reports
  • Create a post-incident review report
  • Track response metrics
  • Customize the on-call Review report
  • Track the flow of incidents after the fact using the Incident Frequency report (Enterprise edition only)

Topic 5 – Advanced Features

  • Use the Alert Rules Engine to add annotations to an incident
  • Use the Alert Rules Engine to transform an alert
  • Re-route or mute incidents based on content
  • Create outgoing Webhooks to extend product functionality
  • Use the public API portal to find details on the public API

Price & Delivery methods

Online training

Duration
4.5 hours

Price
  • Online Training : CAD 635,–
  • Online Training : US$ 500,–
  • Splunk Training Credits : 50 SPC

Classroom training

Duration
4.5 hours

Price
  • Canada : CAD 635,–
  • Splunk Training Credits : 50 SPC

Schedule


United States

Online training, 09:00 US/Pacific. This training is delivered by a partner.