Splunk Core Certified User - Learning Path

Build a strong foundation of basic Splunk platform skills. You’ll be able to search, use fields and look-ups, and create alerts and basic statistical reports and dashboards. This entry-level certification is ideal for either the Splunk Enterprise or Splunk Cloud platforms.

  • The Splunk Core Certified User Learning Path consists of 6 half-day, instructor-led virtual courses (modules).
  • The learner has 365 days to complete all the relevant training in the Learning Path.
  • The learner receives all of the available dates upon purchase of the learning path, and they are encouraged to build a plan that works for them. Learners will of course have the flexibility of rescheduling, if a date that they chose is no longer suitable for them.
  • The exam fee is not included in the Learning Path

Modules included in this path (see the detailed description of each module further down):

  • Statistical Processing (SSP) 
  • Working with Time (WWT) 
  • Leveraging Lookups and Subsearches (LLS)
  • Search Optimization (SSO) 
  • Enriching Data with Lookups (EDL) 
  • Data Models (SDM)

Certification

The Splunk Core Certified User is an optional entry point to the Splunk Certification program designed for candidates with little to no Splunk experience or prior knowledge.

By passing this entry-level certification exam you will show that you have a strong understanding of Splunk Enterprise and Splunk Cloud basics.

The exam fee is not included in this Learning Path!

Statistical Processing (SSP)

This three-hour course is for power users who want to identify and use transforming commands and eval functions to calculate statistics on their data.

Objectives

  • Topic 1 – What is a Data Series
    • Introduce data series
    • Explore the difference between single-series, multi-series, and time series data series
  • Topic 2 – Transforming Data
    • Use the chart, timechart, top, rare, and stats commands to transform events into data tables
    • Explore search modes and their effect on search results
  • Topic 3 – Manipulating Data with eval Command
    • Understand the eval command
    • Explore and perform calculations using mathematical and statistical eval functions
    • Perform calculations and concatenations on field values
    • Use the eval command as a function with the stats command
  • Topic 4 – Formatting Data
    • Use the rename command
    • Use the sort command

Audience
Search Experts and Knowledge Managers

Prerequisites
To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Creating Search queries

Working with Time (WWT)

This three-hour course is for power users who want to become experts at using time in searches. Topics will focus on searching and formatting time in addition to using time commands and working with time zones.

Objectives

  • Topic 1 – Searching with Time
    • Understand the _time field and timestamps
    • View and interact with the event Timeline
    • Use the earliest and latest time modifiers
    • Use the bin command with the _time field
  • Topic 2 – Formatting Time
    • Use various date and time eval functions to format time
  • Topic 3 – Using Time Commands
    • Use the timechart command
    • Use the timewrap command
  • Topic 4 – Working with Time Zones
    • Understand how time and time zones are represented in your data
    • Determine the time zone of your server
    • Use strftime to correct time zones in results

Audience
Search Experts and Knowledge Managers

Prerequisites
To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Creating Search queries
  • The eval command

Leveraging Lookups and Subsearches (LLS) 

This three-hour course is designed for power users who want to learn how to use lookups and subsearches to enrich their results. Topics will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources.

Objectives

  • Topic 1 – Using Lookup Commands
    • Understand lookups
    • Use the inputlookup command to search lookup files
    • Use the lookup command to invoke field value lookups
    • Invoke geospatial lookups in search
  • Topic 2 – Adding a Subsearch
    • Define subsearch
    • Use subsearch to filter results
    • Identify when to use subsearch
    • Understand subsearch limitations and alternatives
  • Topic 3 – Using the return Command
    • Use the return command to pass values from a subsearch
    • Compare the return and fields commands

Audience
Search Experts and Knowledge Managers

Prerequisites
To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Creating Search queries
  • Lookups

Search Optimization (SSO) 

This three-hour course is for power users who want to improve search performance. Topics will cover how search modes affect performance, how to create an efficient basic search, how to accelerate reports and data models, and how to use the tstats command to quickly query data.

Objectives

  • Topic 1 – Optimizing Search
    • Understand how search modes affect performance
    • Examine the role of the Splunk Search Scheduler
    • Review general search practices
  • Topic 2 – Report Acceleration
    • Define acceleration and acceleration types
    • Understand report acceleration and create an accelerated report
    • Reveal when and how report acceleration summaries are created
    • Search against acceleration summaries
  • Topic 3 – Data Model Acceleration
    • Understand data model acceleration
    • Accelerate a data model
    • Use the datamodel command to search data models
  • Topic 4 – Using the tstats Command
    • Explore the tstats command
    • Search acceleration summaries with tstats
    • Search data models with tstats
    • Compare tstats and stats

Audience
Search Experts and Knowledge Managers

Prerequisites
To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Creating Search queries
  • Creating reports and data models

Enriching Data with Lookups (EDL)

This three-hour course is for knowledge managers who want to use lookups to enrich their search environment. Topics will introduce lookup types and cover how to upload and define lookups, create automatic lookups, and use advanced lookup options. Additionally, students will learn how to verify lookup contents in search and review lookup best practices.

Objectives

  • Topic 1 – What is a Lookup?
    • Define a lookup and the default lookup types
    • Lookups and the search-time operation sequence
  • Topic 2 – Creating Lookups
    • Use file-based lookups at search time
    • Create (upload, define, configure) a lookup
    • Use an automatic lookup at search
  • Topic 3 – Geospatial Lookups
    • Understand geospatial lookups and KMZ/KML files
    • Add and define a geospatial lookup
  • Topic 4 – External Lookups
    • Understand external lookups
    • Explore the default lookup, external_lookup.py
    • Configure external lookups
  • Topic 5 – KV Store Lookups
    • Introduce KV Store lookups
    • Configure KV Store lookups
    • Compare file-based CSV lookups to KV Store lookups
  • Topic 6 – Best Practices for Lookups
    • Various best practices for using lookups

Audience
Search Experts and Knowledge Managers

Prerequisites
To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Knowledge objects

Data Models (SDM)

This three-hour course is for knowledge managers who want to learn how to create and accelerate data models. Topics will cover datasets, designing data models, using the Pivot editor, and accelerating data models.

Objectives

  • Topic 1 – Introducing Data Model Datasets
    • Understand data models
    • Add event, search, and transaction datasets to data models
    • Identify event object hierarchy and constraints
    • Add fields based on eval expressions to transaction datasets
  • Topic 2 – Designing Data Models
    • Create a data model
    • Add root and child datasets to a data model
    • Add fields to data models
    • Test a data model
    • Define permissions for a data model
    • Upload/download a data model for backup and sharing
  • Topic 3 – Creating a Pivot
    • Identify benefits of using Pivot
    • Create and configure a Pivot
    • Visualize a Pivot
    • Save a Pivot
    • Use Instant Pivot
    • Access underlying search for Pivot
  • Topic 4 – Accelerating Data Model
    • Understand the difference between ad-hoc and persistent data model acceleration
    • Accelerate a data model
    • Describe the role of tsidx files in data model acceleration
    • Review considerations about data model acceleration
  • Topic 5 – Enriching Data
    • Understand how fields from lookups, calculated fields, field aliases, and field extractions enrich data

Prerequisites
To be successful, students should have a solid understanding of the following:

  • Search Under the Hood
  • Multivalue Fields
  • Creating Knowledge Objects