Splunk Course Details

Topic 1 – Intro to Splunk

▪ Splunk components

▪ Basic Splunk functions

Topic 2 – Using Splunk

▪ Define Splunk apps

▪ Understand Splunk user roles

▪ Search & Reporting app

▪ Splunk Web interface

Topic 3 – Using Search

▪ Run basic searches

▪ Set the time range of a search

▪ Save search results

▪ Identify the contents of search results

▪ Work with events

▪ Share search jobs

▪ Export search results

▪ Select search modes

▪ Control a search job

Topic 4 – Exploring Events

▪ Refine searches

▪ Understand timestamps

▪ Use the events tab to add and remove terms from a search

Topic 5 – Search Processing Language

▪ Use wildcards to search for multiple terms

▪ Understand case sensitivity in searches

▪ Use Booleans to include and exclude search criteria

▪ Use special characters with search terms

Topic 6 – What are Commands?

▪ Understand the anatomy of Splunk’s search language:

o Search terms

o Commands

o Functions

o Arguments

o Clauses

▪ Understand best practices for writing searches

Topic 7 – What are Knowledge Objects?

▪ Identify the five categories of knowledge objects:

o Data interpretation

o Data classification

o Data enrichment

o Data normalization

o Data models

▪ Understand types of knowledge objects

Topic 8 – Creating Reports and Dashboards

▪ Save a search as a report

▪ Edit reports

▪ Use transforming commands to create visualizations

▪ Create a dashboard

▪ Add a report to a dashboard

▪ Edit a dashboard

Splunk Core Certified User

Test blueprint:

❏ Intro to Splunk

❏ Using Fields

❏ Scheduling Reports and Alerts

❏ Visualizations

❏ Working with Time

❏ Statistical Processing

❏ Leveraging Lookups and Subsearches

❏ Search Optimization