SPLK-1001: Splunk Core Certified User Study Guide

The SPLK-1001: Splunk Core Certified User Study Guide contains the official objectives that will provide proper knowledge to the candidates with the goal to upgrade their skills or simply to confirm what they already know. The main objectives are covering Splunk basics and searching, how to use fields in searches, using basic transforming commands as well as covering reports, dashboards, lookups and alerts.

This study guide includes explanations for both correct and incorrect answers, providing future candidates to learn and understand the concepts and methodologies that are appended to the SPLK-1001: Splunk Core Certified User exam objectives while going through the practice tests.

Each of the practice exams grants the learner with enough time in order to respond to all questions. The idea is to provide candidates with extended time to learn and confirm their skills while preparing for the certification.

The intent here is not a “run against the clock” training exam. It is focused on providing the proper knowledge in regards to server administrators managing simple or complex server environments.

The following objectives are covered:

1.0 Splunk Basics

1.1 Splunk components

1.2 Understand the uses of Splunk

1.3 Define Splunk apps

1.4 Customizing user settings

1.5 Basic navigation in Splunk

2.0 Basic Searching

2.1 Run basic searches

2.2 Set the time range of a search

2.3 Identify the contents of search results

2.4 Refine searches

2.5 Use the timeline

2.6 Work with events

2.7 Control a search job

2.8 Save search results

3.0 Using Fields in Searches

3.1 Understand fields

3.2 Use fields in searches

3.3 Use the fields sidebar

4.0 Search Language Fundamentals

4.1 Review basic search commands and general search practices

4.2 Examine the search pipeline

4.3 Specify indexes in searches

4.4 Use the following commands to perform searches: tables, rename, fields, dedup, and sort

5.0 Using Basic Transforming Commands

5.1 The top command

5.2 The rare command

5.3 The stats command

6.0 Creating Reports and Dashboards

6.1 Save a search as a report

6.2 Edit reports

6.3 Create reports that display statistics (tables)

6.4 Create reports that display visualizations (charts)

6.5 Create a dashboard

6.6 Add a report to a dashboard

6.7 Edit a dashboard

7.0 Creating and Using Lookups

7.1 Describe lookups

7.2 Examine a lookup file example

7.3 Create a lookup file and create a lookup definition

7.4 Configure an automatic lookup

7.5 Use the lookup in searches

8.0 Creating Scheduled Reports and Alerts

8.1 Describe scheduled reports

8.2 Configure scheduled reports

8.3 Describe alerts

8.4 Create alerts

8.5 View fired alerts

At the end of this study guide, candidates will be better prepared for the official SPLK-1001: Splunk Core Certified User certification exam.