Splunk Core Certified Power User - Learning Path

Extend your understanding of the Splunk platform as a power user. You’ll develop basic competence with searching and reporting commands and be able to create knowledge objects, tags, event types, workflow actions and data models. You’ll use field aliases, calculated fields and macros, and learn how to normalize data with the Common Information Model in the Splunk platform. This entry-level exam establishes a baseline for users of Splunk Enterprise and Splunk Cloud platform software.

  • The Splunk Core Certified User Learning Path consists of 8 half-day, instructor-led virtual courses (modules).
  • The learner has 365 days to complete all the relevant training in the Learning Path.
  • The learner receives all of the available dates upon purchase of the learning path and is encouraged to build a plan that works for them. Learners will of course have the flexibility of rescheduling if a date that they chose is no longer suitable for them.
  • The exam fee is not included in the Learning Path.

Modules included in this path (see the detailed description of each module further down):

  • Working with Time (WWT)
  • Statistical Processing (SSP) 
  • Comparing Values (SCV) 
  • Result Modification (SRM)
  • Correlation Analysis (SCLAS) 
  • Creating Knowledge Objects (CKO) 
  • Creating Field Extractions (CFE) 
  • Data Models (SDM) 

Certification

The Splunk Core Certified Power User is....

By passing this entry-level certification exam you will show that you have a strong understanding of Splunk Enterprise and Splunk Cloud basics.

Read more about the Splunk Core Certified Power User exam

 


Working with Time (WWT)

This three-hour course is for power users who want to become experts at using time in searches. Topics will focus on searching and formatting time in addition to using time commands and working with time zones.

Objectives

  • Topic 1 – Searching with Time
    • Understand the _time field and timestamps
    • View and interact with the event Timeline
    • Use the earliest and latest time modifiers
    • Use the bin command with the _time field
  • Topic 2 – Formatting Time
    • Use various date and time eval functions to format time
  • Topic 3 – Using Time Commands
    • Use the timechart command
    • Use the timewrap command
  • Topic 4 – Working with Time Zones
    • Understand how time and timezones are represented in your data
    • Determine the time zone of your server
    • Use strftime to correct timezones in results

Audience
Search Experts, Knowledge Managers

Prerequisites
To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Creating Search queries
  • The eval command

Statistical Processing (SSP)

This three-hour course is for power users who want to identify and use transforming commands and eval functions to calculate statistics on their data.

Objectives

  • Topic 1 – What is a Data Series
    • Introduce data series
    • Explore the difference between single-series, multi-series, and time series data series
  • Topic 2 – Transforming Data
    • Use the chart, timechart, top, rare, and stats commands to transform events into data tables
    • Explore search modes and their effect on search results
  • Topic 3 – Manipulating Data with eval Command
    • Understand the eval command
    • Explore and perform calculations using mathematical and statistical eval functions
    • Perform calculations and concatenations on field values
    • Use the eval command as a function with the stats command
  • Topic 4 – Formatting Data
    • Use the rename command
    • Use the sort command

Audience
Search Experts, Knowledge Managers

Prerequisites
To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Creating Search queries

Comparing Values (SCV) 

This three-hour course is for power users who want to learn how to compare field values using eval functions and eval expressions. Topics will focus on using the comparison and conditional functions of the eval command, and using eval expressions with the fieldformat and where commands.

Objectives

  • Topic 1 – Using eval to Compare
    • Understand the eval command
    • Explain evaluation functions
    • Identify and use comparison and conditional functions
    • Use the fieldformat command to format field values
  • Topic 2 – Filtering with where
    • Use the where command to filter results
    • Use wildcards with the where command
    • Filter fields with the information functions, isnull and isnotnull
  • Topic 3 – Using Fields in Searches
    • Use fields correctly in basic searches
    • Use fields with operators
    • Use the rename command
    • Use the fields command to improve search performance
  • Topic 4 – Comparing Temporary versus Persistent Fields
    • Differentiate between temporary and persistent fields
    • Create temporary fields with the eval command
    • Extract temporary fields with the erex and rex commands
  • Topic 5 – Enriching Data
    • Understand how fields from lookups, calculated fields, field aliases, and field extractions enrich data

Audience
Search Experts, Knowledge Managers

Prerequisites
To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Creating Search queries

Result Modification (SRM)

This three-hour course is for power users who want to use commands to manipulate output and normalize data. Topics will focus on specific commands for manipulating fields and field values, modifying result sets, and managing missing data. Additionally, students will learn how to use specific eval command functions to normalize fields and field values across multiple data sources.

Objectives

  • Topic 1 – Manipulating Output
    • Convert a 2-D table into a flat table with the untable command
    • Convert a flat table into a 2-D table with the xyseries command
  • Topic 2 – Modifying Result Sets
    • Append data to search results with the appendpipe command
    • Calculate event statistics with the eventstats command
    • Calculate "streaming" statistics with the streamstats command
    • Modify values to segregate events with the bin command
  • Topic 3 – Managing Missing Data
    • Find missing and null values with the fillnull command
  • Topic 4 – Modifying Field Values
    • Understand the eval command
    • Use conversion and text eval functions to modify field values
    • Reformat fields with the foreach command
  • Topic 5 – Normalizing with eval
    • Normalize data with eval functions
    • Identify eval functions to use for data and field normalization

Audience
Search Experts, Knowledge Managers

Prerequisites
To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Creating Search queries
  • Knowledge Objects

Correlation Analysis (SCLAS)

Creating Knowledge Objects (CKO)

Creating Field Extractions (CFE)

Data Models (SDM)

This three-hour course is for knowledge managers who want to learn how to create and accelerate data models. Topics will cover datasets, designing data models, using the Pivot editor, and accelerating data models.

Objectives

  • Topic 1 - Introducing Data Model Datasets
    • Understand data models
    • Add event, search, and transaction datasets to data models
    • Identify event object hierarchy and constraints
    • Add fields based on eval expressions to transaction datasets
  • Topic 2 - Designing Data Models
    • Create a data model
    • Add root and child datasets to a data model
    • Add fields to data models
    • Test a data model
    • Define permissions for a data model
    • Upload/download a data model for backup and sharing
  • Topic 3 - Creating a Pivot
    • Identify benefits of using Pivot
    • Create and configure a Pivot
    • Visualize a Pivot
    • Save a Pivot
    • Use Instant Pivot
    • Access underlying search for Pivot
  • Topic 4 - Accelerating Data Model
    • Understand the difference between ad-hoc and persistent data model acceleration
    • Accelerate a data model
    • Describe the role of tsidx files in data model acceleration
    • Review considerations about data model acceleration
  • Topic 5 - Enriching Data
    • Understand how fields from lookups, calculated fields, field aliases, and field extractions enrich data

Prerequisites
To be successful, students should have a solid understanding of the following:

  • Search Under the Hood
  • Multivalue Fields
  • Creating Knowledge Objects