Courses for Enterprise Security Administrators

Learn to install, configure, manage, and use the Splunk App for Enterprise Security. This path is intended for Splunk Administrators that manage Splunk Enterprise Security deployments.

Notice: The following courses; Using Splunk, Searching and Reporting with Splunk, Creating Splunk Knowledge Objects, and Splunk Infrastructure Overview are now replaced with Splunk Fundamentals 1 and Splunk Fundamentals 2 (see new learning path below).

If you are a partner or have a subscription, you can continue to take the legacy classes and then take both the Certified User and Certified Power User exam.

Click on a course below to view a full course description, class schedules, and register.

e-learning
required
recommended
Splunk Fundamentals 1
This self-paced course teaches you how to search and navigate in Splunk, use fields, get statics from your data, create reports, dashboards, lookups, and alerts. It will also introduce you to Splunk's datasets features and Pivot interface.
View topics and register ››
Splunk Fundamentals 2This 4 virtual-day course focuses on additional SPL commands, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the CIM.
View topics and register ››
Advanced Dashboards and Visualizations This 2 virtual day course is designed for power users who want to create advanced dashboards, forms, and visualizations. Edit simple XML, use tokens, event handlers, drilldowns, custom stylesheets and more.
View topics and register ››
Advanced Searching and Reporting with Splunk This 3 virtual day course takes the Splunk search language to the next level. Learn powerful advanced commands and lookup methods.
View topics and register ››
Splunk Enterprise
System Administration
This 2 virtual day course is designed for system administrators who manage a Splunk Enterprise environment. Topics include Splunk license manager, indexers and search heads, configuration, management, and monitoring.
View topics and register ››
Splunk Enterprise
Data Administration
This 3 virtual day course is for data administrators who are responsible for getting data into Splunk. The course provides content about Splunk forwarders and methods to get remote data into Splunk.
View topics and register ››
Architecting Splunk
Enterprise Deployments
This 2 virtual day course focuses on large enterprise deployments. Learn best practices for planning, data collection, sizing and documenting a distributed deployment. 
View topics and register ››
Administering the Splunk App for Enterprise Security
This 3 virtual day course prepares architects and systems administrators to install, configure and manage the Splunk App for Enterprise Security.
View topics and register ››