Splunk On-Call Administration (SOCA) – Outline

Detailed Course Outline

Topic 1 – Introduction and Planning

  • Create a plan for incident response
  • Describe the flow of a typical incident in Splunk On-Call
  • Explain Splunk On-Call concepts, including Escalation Policies, Incidents, and Actions
  • Create new users
  • Create user paging (notification) policies
  • Plan on-call schedules

Topic 2 – Users, Teams, Rotations and Escalation Policies

  • Describe the Splunk On-Call setup flow
  • Differentiate between Splunk On-Call user roles
  • Create teams and add users using both the UI and API
  • Add and remove team managers
  • Create on-call schedules including shifts, rotations, and members
  • Build Escalation Policies for incoming incidents

Topic 3 – Configuring Integrations and Alerts

  • Describe the purpose of a routing key
  • Create a routing key using best practices
  • Configure Splunk On-Call integrations

Topic 4 – Reporting on Team Activity and Performance

  • Differentiate between the types of reports
  • Create a post-incident review report
  • Track response metrics
  • Customize the On-Call Review report
  • Track the flow of incidents after the fact using the Incident Frequency report (Enterprise edition only)

Topic 5 – Advanced Features

  • Use the Alert Rules Engine to add annotations to an incident
  • Use the Alert Rules Engine to transform an alert
  • Re-route or mute incidents based on content
  • Create outgoing Webhooks to extend product functionality
  • Use the public API portal to look up endpoint details for the public API