
Explore the Splunk Core Certified User course to learn who should take it, that there are no prerequisites, and the nine-module structure aligned to the official exam blueprint with exam-style quizzes.
Explore Splunk basics, what Splunk is, its core components, and how to install a single instance; navigate the web interface, review the home app and the search and reporting app, plus users and roles.
Splunk is a software platform to search, analyze, and visualize machine generated data from routers, servers, and other devices, enabling insights to improve end user service experiences.
Explore Splunk components and how forwarders, indexers, and search heads interrelate, with deployment server management, licensing, and the monitoring console for enterprise deployments.
Learn to install Splunk on Windows, Linux, or macOS in physical, virtual, and container environments. Use trial packages with a Splunk account, up to 500 MB per day for 60 days.
Learn to navigate Splunk using the web user interface to administer data, manage users, and develop knowledge objects like reports, alerts, and dashboards.
Explore how Splunk apps extend the base package to index data from diverse sources, provide dashboards and field extractions, and organize workspaces with knowledge objects and ui elements.
Navigate the Splunk home app, use the Splunk bar and account and settings menus, and explore knowledge objects, data inputs, and monitoring tools to tailor user access.
Learn how the Splunk search and reporting app enables you to search, analyze, and visualize indexed data using the search bar, time range picker, and fast, smart, and verbose modes.
Learn Splunk core roles: admin, power, and user, and how to create users, assign roles, and manage private versus shared knowledge objects.
Index data into your Splunk deployment and learn how to use that data throughout the course. Explore the index-time process and data ingestion options, including training data.
Understand how raw data is indexed in Splunk by moving through input, parsing, and index time phases. Discover how forwarders, events, metadata extraction, timestamp creation, and licensing shape searchable data.
Learn how to add data in Splunk via the web interface using the add data icon and data inputs: upload, monitor, and forward, with source type, host, and timestamps recognized.
Explore Splunk's training data setup: web access logs and Linux secure logs from three hosts, plus locally generated event gen data, with host metadata and index and source type mappings.
Upload web server access and secure logs, assign source metadata, select access combined and Linux secure source types, and create web and security indexes to run all-time searches.
Install and configure the event gen app in Splunk, generate events from web servers one through localhost, and use calculated fields knowledge objects to create result and failure code fields.
Learn to search in Splunk to gain insights from your data, starting with an overview of the search and reporting app. Use keywords, wildcards, and boolean expressions to refine queries.
Explore the search and reporting app basics, including the search bar and time range. Review metadata fields such as host, source, index, plus the event viewer and result tabs.
Explore searching in Splunk with keywords and quoted phrases, including main index basics, role-based index access, and using double quotes to enforce phrase searches against the raw event field.
Use wildcards in Splunk searches with the star character. Place wildcards at the end of terms to improve performance, and avoid leading or middle placements to prevent inconsistent results.
Learn to build powerful Splunk searches by combining keywords and quoted phrases with uppercase boolean operators, using AND as the implied connector, NOT for exclusion, and parentheses for clarity.
Discover how the search assistant in Splunk speeds search writing by showing matching terms from index data, recent searches, and available commands, with compact and full modes and parentheses guidance.
Explore how Splunk displays search results, highlighting terms and showing metadata fields (host, source, source type, index) in reverse chronological order, with drill-down actions and list, raw, and table views.
Learn how to set effective search time ranges in Splunk using the time range picker. Explore presets, relative and absolute time modifiers, and how search string modifiers override the picker.
Learn to read and manipulate the Splunk events timeline to visualize event distribution over time, filter results by bar clicks, and re-execute searches when zooming or selecting time ranges.
Manage Splunk search jobs via the job menu by editing permissions and lifetime, sharing access, pausing and resuming, inspecting duration, and exporting results in CSV, XML, or JSON.
Access the search history in the search and reporting app to re-run ad hoc queries, filter by terms like host 01 or 09, and re-execute using add to search.
Learn to search with field name value pairs in Splunk and use index, host, source, and source type to narrow results, while exploring the field sidebar and search operators.
Discover how fields—name/value pairs—narrow searches by specifying index, source type, and other fields, boosting efficiency. Learn field discovery, index-time and search-time extractions, and the field extractor utility.
Explore how the field discovery and field sidebar reveal alphanumeric and numeric fields, interesting and selected fields, and how to view all fields with top, rare, and time-based reports.
Explore searching with fields in Splunk by matching field names to values, quoting spaces, using wildcards, CIDR notation for subnets, and awareness of case sensitivity.
Master how to refine Splunk searches with uppercase boolean operators, using AND, OR, and NOT to combine fields, exclude actions, and narrowly target results.
Explore comparison and relational operators in Splunk searches, including equal, not equal, greater than, and less than, with examples using bytes, status, and action fields.
Explore Splunk search modes: fast, smart, and verbose, and their tradeoffs between speed and data completeness, including field discovery behavior and transforming commands outputs.
Learn to craft efficient Splunk searches by specifying indexes at the start, using OR over wildcards, and narrowing results with precise terms and time filters.
Explore Splunk search language fundamentals, including syntax and pipeline readability, and learn to use commands such as fields, table, rename, sort, and dedup to analyze indexed data.
Learn components of the Splunk search language, including search terms, field value pairs, commands, functions and arguments, and how the search pipeline uses pipes to apply eval, stats, and rename.
Improve Splunk search pipeline readability by configuring SPL editor settings, including line numbers and search auto format. Learn how themes and syntax coloring distinguish commands, functions, booleans, and arguments.
Use the fields command to filter the displayed fields in Splunk search results, boosting performance by limiting field extractions. Learn about fields plus and fields minus with web index examples.
Use the table command to generate a statistics table from fields Jsessionid, client IP, user agent, and bytes. Rename fields with the as clause to session ID and user IP address.
Sort Splunk search results by specified fields using the sort command, showing ascending default, descending with minus, and multi-field sorts with comma separation and optional limit.
Learn to use the dedup command to remove duplicate IP addresses and preserve unique combinations of user IP and status across your results.
Master transforming commands in Splunk, including stats and top, with functions like count, distinct count, sum, and average, and combine functions in the same command to format tables and visualizations.
Transforming commands order search results into a statistics table, using stats to count events by client IP and drive visualizations from the statistics tab with built-in charts and maps.
Use the stats command in Splunk to calculate statistics on search data, applying functions such as count, distinct count, sum, average, list, values, max, and mean.
Master the stats count function in Splunk, rename fields with as, and group results using by clauses and field arguments like zip code.
Learn to use the distinct count (DC) function in Splunk to count unique values in a field, rename results, and compare DC with distinct count.
Learn to use the stats command to compute sum and average on duration fields, group by partner, round results, and format durations with tostring.
Master the stats command by using list and values functions to list all or unique values of a field, with response code and 100 value limit in a four-hour window.
Master combining multiple statistics functions in a stats command to produce a partner table with total events, zip-code metrics, total and average call time, using by, round, and tostring formatting.
Master the top command to display a statistics table of the most common field values in Splunk, with count, percentage, and optional by clause groupings.
Explore the rare command in Splunk to compute statistics for the least common values, using the same constraints as top and showing count and percent by default for bottom values.
Learn to customize statistics tables generated by transforming commands using the format menu, general and summary settings, including wrap, raw numbers, row numbers, data overlays, totals, percentages, and column-specific options.
Format visualizations in Splunk by selecting suitable chart types from statistics tables, adjust axis titles, scales, legends, and data labels, and use drill-downs to explore data.
Explore saving searches, statistics tables, and visualizations as reports or dashboard panels in Splunk, shareable knowledge objects with permissions, and use lookups to enhance dashboards.
Save frequent searches as reports in Splunk, share and schedule them, and build dashboards with refreshable panels to monitor IT operations, security, and business analytics.
Enforce a consistent naming convention for Splunk knowledge objects by combining department, object type (report or dashboard), and a descriptive purpose to improve manageability.
Create and save any Splunk search as a report, configure the title, description, time range, and permissions, and schedule delivery to share insights.
Access and manage Splunk reports across apps using the app navigation bar and knowledge settings, then edit queries and formatting, and configure permissions and time ranges.
Learn to turn searches into dashboard panels in Splunk, using inline panels, report panels, and pre-built panels, and assemble them into a new, private dashboard with classic dashboards.
Manage Splunk dashboards by editing panels, rearranging with drag-and-drop to two-per-row, configuring themes and drill-down links, and publishing with app-wide permissions.
Clone a dashboard in Splunk to safely update it, export its panels as a PDF for sharing, and schedule daily PDF deliveries by email, while adjusting hourly data and thresholds.
Set a default dashboard in Splunk Home and add a home dashboard to show key metrics on login. Use hourly and daily indicators to boost visibility.
Explore lookups in Splunk, from overview and types to creating CSV lookups and definitions, validating with inputlookup, and enabling automatic lookups to enrich results.
Learn how lookups enrich Splunk events by attaching external fields from a lookup table, enabling analysis by city, state, county, and interpreting fields like response codes.
Learn the four out-of-the-box Splunk lookups: file-based CSV lookups, KV Store lookups for large dynamic data, external or scripted lookups, and geospatial lookups for map boundaries.
Create CSV lookups in Splunk by uploading CSV files in settings and lookups, then set the destination file name; lookups use zip code mapping, response code mapping, and hourly partner price.
Create a lookup definition tied to a lookup table in Splunk to enable configurations and automatic lookups, with one CSV file supporting multiple definitions.
Validate and explore lookups in Splunk with the inputlookup command, inspecting both lookup tables and definitions. Confirm zip code mapping, response code mapping, and hourly partner price data match.
Create a CSV lookup directly from a search in Splunk using the outputlookup command, validate with inputlookup, and remove duplicates with count by.
Learn to enrich Splunk search results with the lookup command, adding external fields from zip code mappings (city, county, state) and integrate these into dashboards and reports.
Create automatic lookups in Splunk by linking lookup definitions to lookup tables and applying automatic lookup knowledge objects to a source type, outputting city, state, and price.
Explore how to create and manage scheduled reports and alerts in Splunk, including trigger actions and overall alert management, building on reports, dashboards, and lookups.
Schedule Splunk reports to run hourly, daily, weekly, monthly, or cron and send results by email or to lookups; create alerts by saving searches with trigger conditions.
Learn to create and schedule Splunk reports, set frequency and priority, choose trigger actions like email with CSV or PDF attachments, and format and sort daily partner totals.
Manage scheduled reports in Splunk by accessing, editing run times, adjusting permissions from app level to all apps, and configuring run as options and embed for web access.
Create and manage Splunk alerts by defining trigger conditions, choosing scheduled or real-time types, throttling by partner, and using trigger actions like email, log, and webhook.
Configure trigger actions for Splunk alerts by assigning severity, viewing triggered alerts with filters, and using log event and email actions to log and email alerts.
Learn how to edit Splunk alerts by adjusting thresholds, throttling intervals, and trigger actions, and manage share permissions at app level to control who can read or write.
Welcome to the Splunk Core Certified User Course, a comprehensive exam-focused training designed to help you pass your first Splunk certification on the first attempt, with confidence.
This all-in-one Splunk certification course is trusted by thousands of students worldwide and has a proven track record of helping learners successfully earn their Splunk Core Certified User credential without the need for additional study materials.
Beyond certification preparation, this course is carefully structured to serve as a practical reference for real-world use. The concepts and skills you develop here form a strong foundation for working in any organization that uses Splunk for data analytics, operational intelligence, or as a SIEM solution (including cybersecurity environments using Splunk Enterprise Security).
The course content is fully aligned with Splunk’s official exam blueprint and includes explanations, demonstrations, and sample questions covering:
Splunk architecture and core concepts
Basic searching and working with fields
SPL fundamentals and transforming commands
Creating reports and dashboards
Using lookups to enrich data
Scheduling reports and configuring alerts
Each topic is presented clearly and progressively to ensure deep understanding — not memorization.
You will install your own Splunk instance, index training data, and complete practical exercises that mirror real workplace scenarios. Throughout the course, you will build a functional Splunk environment containing:
Reports
Dashboards
Alerts
Lookups and other knowledge objects
By the end of the course, you will have a working Splunk deployment that you can continue using for practice and exam preparation. Many of the exercises place you in the role of an engineer receiving requirements from a manager and translating them into actionable insights using Splunk, exactly the type of work expected in professional environments.
Your instructor brings 16 years of engineering experience, over 10 years of hands-on Splunk expertise, and holds multiple Splunk certifications. The course reflects years of real-world problem-solving and a teaching approach focused on clarity, simplicity, and confidence-building.
The material is intentionally designed to demystify Splunk, remove unnecessary complexity, and help you become productive quickly on this powerful centralized log management and analytics platform.
This course is for:
Beginners with little or no prior Splunk experience
IT professionals preparing for the Splunk Core Certified User exam
Analysts and engineers seeking practical Splunk skills for the workplace
Students planning to progress to the Splunk Power User or Admin certifications
SOC analysts, cybersecurity professionals, SIEM engineers, CrowdStrike users, and blue team professionals using Splunk in operational environments
If your goal is to build a solid Splunk foundation, gain confidence, and pass your first certification, this course is the right place to start.
Good luck on your Splunk journey!