Splunk Cloud Overview

Question 1

What does Splunk Cloud provide?

Answer 1

• Hosted and supported by Splunk
• Enterprise functionality and features hosted on someone else’s machines
• Reliability for data processing and search
• Faster time to value with Splunk managed environment and hosted software. Reduced infra investment.

Question 2

Splunk Cloud deployment is ______.

Answer 2

Automated, highly flexible, and scalable.

Question 3

True or False: Splunk Cloud has the same components as Splunk Enterprise.

Answer 3

True.

Question 4

What are the components of Splunk?

Answer 4

• Universal and/or Heavy Forwarders
• Search Head
• Indexer(s)
• Manager Node
• License Manager

Question 5

What components of a Splunk Cloud deployment are considered on-prem/customer cloud?

Answer 5

• Universal/Heavy Forwarders
• Optional Intermediate UF/HF

Question 6

What components of a Splunk Cloud deployment are considered hosted?

Answer 6

• Search Head(s)
• Indexer(s)
• Manager Node
• License Manager

Question 7

What is required to access Forwarders?

Answer 7

SSL secure connection access.

Question 8

What are customer responsibilities in a Splunk Cloud deployment?

Answer 8

• Forwarding data to Splunk
• Managing configurations such as source type, index and contextual details
• Administer and coordinate changes to manage users, data retention, config and maintenance, license, ingestion, etc.

Question 9

What aspects of a Splunk Cloud deployment are managed by Splunk?

Answer 9

Reliability.

• Ingestion and data management
• Indexing and storage of data
• Searchable data access

Question 10

What licensing options are available to Splunk Cloud customers?

Answer 10

• Ingestion based
• Infrastructure usage-based

Question 11

How is license option determined for a customer?

Answer 11

Based on:
- Current and future ingestion size
- Correct sizing calculated on potential workload
- Need for flexibility and scalability

Question 12

Ingestion violations are _____.

Answer 12

Not enforced.

They are monitored and adjustments to volume or infrastructure resourcing is done on:
- Usage review of consumption
- To meet performance challenges and customer growth.

Question 13

How does ingestion licensing work?

Answer 13

Aggregated daily volume of data indexed as GB/day of data ingest.

• All Splunk capabilities at a set cost for ingesting data
• No additional costs to increase resources for index or search activities.
• Additional data can be purchased to the next ingest level available or to unlimited data volumes.

Question 14

How does workload/infrastructure licensing work?

Answer 14

Splunk Virtual Core (SVC) units of data processing capacity used for a mix of ingest and search.

• All Splunk capabilities at a set cost of a fixed size infrastructure deployed.
• No ingestion violation - allowed unmetered ingest

Question 15

How are Splunk Virtual Cores (SVCs) measured?

Answer 15

SVCs are measured as units of Compute, Memory, and I/O resources consumed by Splunk processes.

Question 16

What are the benefits of Splunk Cloud?

Answer 16

• Advice and troubleshooting support
• Asset management and automated infra deployment
• Automated processing and implementation
• Regular maintenance and upgrade
• Monitoring and alerting of system health and security
• IT ops and Security specialists
• 24/7 Network Operation Center

Question 17

What are Splunk Cloud’s Secure Controls

Answer 17

• Limited managed access to host components
  
  • Search Head GUI access only
  • No CLI access
  • No License pooling
    Cloud Application Vetting compliance
  • Installed apps should comply to vetting policy, ensures data security and improved platform visibility
• Secure forwarding using Forwarder Credentials App
  
  • Secure SSL and TLS forwarding unique to customer environment

Question 18

What are the two designations of Splunk Cloud deployments?

Answer 18

• Classic
• Victoria

Question 19

What is the difference between Splunk Cloud Classic and Victoria deployments?

Answer 19

• HEC Configuration
• Hybrid Search (not supported in Victoria)
• IDM (No IDM on Victoria experience)
• Self-Service App Installation

Question 20

What is the difference in CLI from On-Prem and Cloud?

Answer 20

On-prem supports CLI, Cloud does not have access.

Question 21

What is the difference in Apps from On-Prem and Cloud?

Answer 21

On-prem customers decide what apps run in a deployment, Cloud customers can only install vetted and approved apps.

Question 22

What is the difference in Direct TCP and syslog inputs from On-Prem and Cloud?

Answer 22

On-prem supports these, Cloud customers cannot send these directly to Splunk Cloud.

Question 23

What is the difference in Scripted alerts from On-Prem and Cloud?

Answer 23

On-prem supports these, Cloud only supports them in the context of approved apps.

Question 24

What is the difference in License pooling from On-Prem and Cloud?

Answer 24

Supported on-prem, not supported in Cloud

Question 25

What is the difference in HEC from On-Prem and Cloud?

Answer 25

On-prem has it enabled by default, Splunk Cloud has it enabled via ELB on port 443.

Question 26

What is the difference in Splunk API from On-Prem and Cloud?

Answer 26

On-prem has it enabled by default, Cloud has it accessible by Cloud Support and API Self-service App

Question 27

What is the difference in Network Connection from On-Prem and Cloud?

Answer 27

On-prem can use TCP and UDP, optional secure connection; Cloud can use inbound TCP only with SSL secure connection.