Splunk On-Call Administration (SOCA)

 

Course Content

This 4.5-hour virtual module describes the tasks required to set up on-call teams, including defining schedules, on-call rotations and shifts. Learn to set-up and configure alerts and integrations. Create post-incident review reports, track response metrics and customize reports. Use advanced features such as the Rules engine for advanced customization and configure webhook integrations. All concepts are taught using lectures and scenario-based hands-on activities.

Who should attend

This module is targeted towards Splunk On-call admins responsible for setting up incident response with Splunk On-Call.

Prerequisites

None.

Course Objectives

  • Set up Splunk On-Call teams
  • Set up integrations and configure alerts
  • Report on team activity and performance
  • Use the Rules engine to trigger custom alerts
  • Set up webhook integrations

Outline: Splunk On-Call Administration (SOCA)

Topic 1 – Introduction and Planning

  • Create a plan for incident response
  • Describe the flow of a typical incident in Splunk On-Call
  • Explain the Splunk on-call concepts including Escalation Policies, Incidents, and Actions
  • Create new users
  • Create user paging (notification) policies
  • Plan on-call schedules

Topic 2 – Users, Teams, Rotations and Escalation Policies

  • Describe the Splunk On-Call setup flow
  • Differentiate between Splunk On-Call user roles
  • Create teams and add users using both the UI and API
  • Add and remove team managers
  • Create on-call schedules including shifts, rotations, and members
  • Build Escalation Policies for incoming incidents

Topic 3 – Configuring Integrations and Alerts

  • Describe the purpose of a routing key
  • Create a routing key using best practices
  • Configure Splunk On-Call integrations

Topic 4 – Reporting on Team Activity and Performance

  • Differentiate between the types of reports
  • Create a post-incident review report
  • Track response metrics
  • Customize on-call Review report
  • Track flow of incidents after the fact using the Incident Frequency report (Enterprise edition only)

Topic 5 – Advanced Features

  • Use the Alert Rules Engine to add annotations to an incident
  • Use the Alert Rules Engine to transform an alert
  • Re-route or mute incidents based on content
  • Create outgoing Webhooks to extend product functionality
  • Use the public API portal to find details on the public API

Prices & Delivery methods

Online Training

Duration
4.5 hours

Price
  • US $ 500
  • Splunk Training Units: 50 SPC
Classroom Training

Duration
4.5 hours

Price
  • United States: US $ 500
  • Splunk Training Units: 50 SPC

Schedule

Currently there are no training dates scheduled for this course.