Course Overview
A Splunk Core Certified Power User has a basic understanding of SPL searching and reporting commands and can create knowledge objects, use field aliases and calculated fields, create tags and event types, use macros, create workflow actions and data models, and normalize data with the Common Information Model in either the Splunk Enterprise or Splunk Cloud platforms. This certification demonstrates an individual's foundational competence of Splunk’s core software.
A Splunk Enterprise Certified Admin manages various components of Splunk Enterprise on a daily basis, including license management, indexers and search heads, configuration, monitoring, and getting data into Splunk. This certification demonstrates an individual's ability to support the day-to-day administration and health of a Splunk Enterprise environment.
This Learning Path is usually delivered over a period of 3 weeks, but students can choose to schedule their modules in an alternative timeline.
Who should attend
Candidates who wish to prepare for the Splunk Enterprise Certified Admin exam and who have not completed the prerequisite Splunk Core Certified Power User exam.
Prerequisites
To prepare for any Splunk Certification-Based Learning Path, students should complete these free introductory e-learning modules:
- Intro to Splunk (ITS)
- Using Fields (Free) (SUFF) OR Using Fields (SUF) (fee required; includes hands-on labs)
And before starting this Fast Track, students should complete these free e-learning modules:
Course Content
This Learning Path contains the following modules:
- Statistical Processing (SSP)
- Working with Time (WWT)
- Comparing Values (SCV)
- Result Modification (SRM)
- Correlation Analysis (SCLAS)
- Search Under the Hood (SUH) e-learning
- Intro to Knowledge Objects (IKO) e-learning
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Data Models (SDM)
- Using Choropleth (SUC)
- !Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)