Splunk Training + Certification
Splunk Fundamentals 2
The newest comprehensive resource from Splunk Training + Certification is here.
- Free Courses
-
Learning Paths
- Courses for Users
-
Courses for Splunk Administrators
- Courses for Splunk Administrators
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Implementing Splunk SmartStore
- Splunk Workload Management
- Working with Metrics in Splunk
- Implementing Splunk Data Stream Processor (DSP)
- Courses for Splunk Cloud Customers
-
Courses for Splunk Architects
- Courses for Splunk Architects
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Architecting Splunk Enterprise Deployments
- Courses for App Developers
-
Courses for Enterprise Security Administrators
- Courses for Enterprise Security Administrators
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Architecting Splunk Enterprise Deployments
- Administering Splunk Enterprise Security
- Courses for Enterprise Security End-Users
-
Courses for IT Service Intelligence Administrators
- Courses for IT Service Intelligence Administrators
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Implementing Splunk IT Service Intelligence
- Courses for IT Service Intelligence End-Users
- Courses for Phantom Customers
-
Courses for Observability Customers
- Courses for Observability Customers
- Observability Fundamentals Series (eLearning)
- Using Splunk Infrastructure Monitoring
- Kubernetes Monitoring with Splunk
- Automation Using the REST and SignalFlow APIs
- Using the Splunk Terraform Provider
- Sending Custom Metrics to Splunk IM
- Using Splunk APM to Monitor Microservices-based Applications
- Advanced Monitoring of Microservices Applications Using Splunk APM
-
Certification Tracks
- Splunk Core Certified User
- Splunk Core Certified Power User
- Splunk Core Certified Advanced Power User
- Splunk Cloud Certified Admin
- Splunk Enterprise Certified Admin
-
Splunk Enterprise Certified Architect
- Splunk Enterprise Certified Architect
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Architecting Splunk Enterprise Deployments
- Splunk Enterprise Practical Lab
- Splunk Certified Developer
- Splunk Enterprise Security Certified Admin
- Splunk IT Service Intelligence Certified Admin
-
Splunk Core Certified Consultant
- Splunk Core Certified Consultant
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Architecting Splunk Enterprise Deployments
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Deployment Practical Lab
- Splunk Fundamentals 3
- Creating Dashboards with Splunk
- Advanced Searching and Reporting
- Core Consultant Labs
- Services Core Implementation
- Splunk Phantom Certified Admin
-
Courses
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Creating Dashboards with Splunk
- Advanced Dashboards and Visualizations
- Building Splunk Apps
- Splunk for Analytics and Data Science
- Splunk Infrastructure Overview
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Cloud Administration
- Transitioning to Splunk Cloud
- Architecting Splunk Enterprise Deployments
- Working with Metrics in Splunk
- Implementing Splunk SmartStore
- Splunk Workload Management
- Splunk Deployment Practical Lab
- Implementing Splunk Data Stream Processor (DSP)
- Developing with Splunk's REST API
- Administering Splunk Enterprise Security
- Using Splunk Enterprise Security
- Implementing Splunk IT Service Intelligence
- Using Splunk IT Service Intelligence
- Splunk User Behavior Analytics
- Administering Phantom
- Developing Phantom Playbooks
- Advanced Phantom Implementation
- Introduction to Splunk IM and Splunk APM
- Using Splunk Infrastructure Monitoring
- Kubernetes Monitoring with Splunk
- Using Splunk APM to Monitor Microservices-based Applications
- Automation Using the REST and SignalFlow APIs
- Using the Splunk Terraform Provider
- Sending Custom Metrics to Splunk IM
- Advanced Monitoring of Microservices Applications Using Splunk APM
- Services Core Implementation
- Core Consultant Labs
- IT Essentials Learn - Walkthrough
- Implementing the Splunk App for Infrastructure (SAI)
- Responding to Incidents with Splunk On-Call
- Splunk On-Call Administration
- Using Splunk Real User Monitoring
-
Videos
- All Videos
- Splunk Cloud Tutorial
- Installing Splunk Enterprise on Linux
- Installing Splunk Enterprise on Windows
- Getting Data In to Splunk Enterprise (Linux)
- Getting Data In (Windows)
- Getting Data In with Forwarders
- Basic Search in Splunk Enterprise
- Create a Dashboard in Splunk Enterprise
- Splunk Certification Candidate Journey
- Creating Alerts in Splunk Enterprise
-
- Program Guide + FAQ
- Download Fact Sheet
Course Description
This course focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Information Model (CIM).
Instructor-led Training Schedule
Instructor-on-demand
Have 30-day access to content, labs, live chat and a 20-minute scheduled session with an instructor.
Course Prerequisites
- Splunk Fundamentals 1
Course Topics
- Transforming commands and visualization
- Filtering and formatting
- Results
- Correlating events
- Knowledge objects
- Fields (Field aliases, field extractions, calculated fields)
- Tags and event types
- Macros
- Workflow actions
- Data models
- Splunk Common Information Model (CIM)
Course Objectives
Module 1 - Introduction
- Overview of Buttercup Games Inc.
- Lab environment
Module 2 - Beyond Search Fundamentals
- Search fundamentals review
- Case sensitivity
- Using the job inspector to view search performance
Module 3 - Using Transforming Commands for Visualizations
- Explore data structure requirements
- Explore visualization types
- Create and format charts and timecharts
Module 4 - Using Mapping and Single Value Commands
- The iplocation command
- The geostats command
- The geom command
- The addtotals command
Module 5 - Filtering and Formatting Results
- The eval command
- Using the search and where commands to filter results
- The filnull command
Module 6 - Correlating Events
- Identify transactions
- Group events using fields
- Group events using fields and time
- Search with transactions
- Report on transactions
- Determine when to use transactions vs. stats
Module 7 - Introduction to Knowledge Objects
- Identify naming conventions
- Review permissions
- Manage knowledge objects
Module 8 - Creating and Managing Fields
- Perform regex field extractions using the Field Extractor
(FX) - Perform delimiter field extractions using the FX
Module 9 - Creating Field Aliases and Calculated Fields
- Describe, create, and use field aliases
- Describe, create and use calculated fields
Module 10 - Creating Tags and Event Types
- Create and use tags
- Describe event types and their uses
- Create an event type
Module 11 - Creating and Using Macros
- Describe macros
- Create and use a basic macro
- Define arguments and variables for a macro
- Add and use arguments with a macro
Module 12 - Creating and Using Workflow Actions
- Describe the function of GET, POST, and Search workflow
actions - Create a GET workflow action
- Create a POST workflow action
- Create a Search workflow action
Module 13 - Creating Data Models
- Describe the relationship between data models and pivot
- Identify data model attributes
- Create a data model
- Use a data model in pivot
Module 14 - Using the Common Information Model (CIM) Add-On
- Describe the Splunk CIM
- List the knowledge objects included with the Splunk CIM
Add-On - Use the CIM Add-On to normalize data
