Topic 1 – Intro to Splunk
▪ Splunk components
▪ Basic Splunk functions
Topic 2 – Using Splunk
▪ Define Splunk apps
▪ Understand Splunk user roles
▪ Search & Reporting app
▪ Splunk Web interface
Topic 3 – Using Search
▪ Run basic searches
▪ Set the time range of a search
▪ Save search results
▪ Identify the contents of search results
▪ Work with events
▪ Share search jobs
▪ Export search results
▪ Select search modes
▪ Control a search job
Topic 4 – Exploring Events
▪ Refine searches
▪ Understand timestamps
▪ Use the events tab to add and remove terms from a search
Topic 5 – Search Processing Language
▪ Use wildcards to search for multiple terms
▪ Understand case sensitivity in searches
▪ Use booleans to include and exclude search criteria
▪ Use special characters with search terms
Topic 6 – What are Commands?
▪ Understand the anatomy of Splunk’s search language:
o Search terms
o Commands
o Functions
o Arguments
o Clauses
▪ Understand best practices for writing searches
Topic 7 – What are Knowledge Objects?
▪ Identify the five categories of knowledge objects:
o Data interpretation
o Data classification
o Data Enrichment
o Data Normalization
o Data Models
▪ Understand types of knowledge objects
Topic 8 – Creating Reports and Dashboards
▪ Save a search as a report
▪ Edit reports
▪ Use transforming commands to create visualizations
▪ Create a dashboard
▪ Add a report to a dashboard
▪ Edit a dashboard
Splunk Core Certified User
Test blueprint:
❏ Intro to Splunk
❏ Using Fields
❏ Scheduling Reports and Alerts
❏ Visualizations
❏ Working with Time
❏ Statistical Processing
❏ Leveraging Lookups and Subsearches
❏ Search Optimization