
A Splunk Core Certified User is able to search, use fields, create alerts, use look-ups, and create basic statistical reports and dashboards in either the Splunk Enterprise or Splunk Cloud platforms. This optional entry-level certification demonstrates an individual's basic ability to navigate and use Splunk software.


What You'll Learn

Please refer to the course overview

Who Should Attend

The course is intended for students or anyone who wants to learn the basics of Splunk.


Prerequisites

  • What Is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations

Learning Journey

Coming Soon...

Module 1 - Working with Time

Topic 1 – Searching with Time

  • Understand the _time field and timestamps
  • View and interact with the event Timeline
  • Use the earliest and latest time modifiers
  • Use the bin command with the _time field

Topic 2 – Formatting Time

  • Use various date and time eval functions to format time

Topic 3 – Using Time Commands

  • Use the timechart command
  • Use the timewrap command

Topic 4 – Working with Time Zones

  • Understand how time and timezones are represented in your data
  • Determine the time zone of your server
  • Use strftime to correct timezones in results

Module 2 - Statistical Processing

Topic 1 – What is a Data Series

  • Introduce data series
  • Explore the difference between single-series, multi-series, and time series data series

Topic 2 – Transforming Data

  • Use the chart, timechart, top, rare, and stats commands to transform events into data tables
  • Explore search modes and their effect on search results

Topic 3 – Manipulating Data with eval Command

  • Understand the eval command
  • Explore and perform calculations using mathematical and statistical eval functions
  • Perform calculations and concatenations on field values
  • Use the eval command as a function with the stats command

Topic 4 – Formatting Data

  • Use the rename command
  • Use the sort command

Module 3 - Leveraging Lookups and Subsearches

Topic 1 – Using Lookup Commands

  • Understand lookups
  • Use the inputlookup command to search lookup files
  • Use the lookup command to invoke field value lookups
  • Invoke geospatial lookups in search

Topic 2 – Adding a Subsearch

  • Define subsearch
  • Use subsearch to filter results
  • Identify when to use subsearch
  • Understand subsearch limitations and alternatives

Topic 3 – Using the return Command

  • Use the return command to pass values from a subsearch
  • Compare the return and fields commands

Module 4 - Search Optimization

Topic 1 – Optimizing Search

  • Understand how search modes affect performance
  • Examine the role of the Splunk Search Scheduler
  • Review general search practices

Topic 2 – Report Acceleration

  • Define acceleration and acceleration types
  • Understand report acceleration and create an accelerated report
  • Reveal when and how report acceleration summaries are created
  • Search against acceleration summaries

Topic 3 – Data Model Acceleration

  • Understand data model acceleration
  • Accelerate a data model
  • Use the datamodel command to search data models

Topic 4 – Using the tstats Command

  • Explore the tstats command
  • Search acceleration summaries with tstats
  • Search data models with tstats
  • Compare tstats and stats

Module 5 - Enriching Data with Lookups

Topic 1 – What is a Lookup?

  • Define a lookup and the default lookup types
  • Lookups and the search-time operation sequence

Topic 2 – Creating Lookups

  • Use file-based lookups at search time
  • Create (upload, define, configure) a lookup
  • Use an automatic lookup at search

Topic 3 – Geospatial Lookups

  • Understand geospatial lookups and KMZ/KML files
  • Add and define a geospatial lookup

Topic 4 – External Lookups

  • Understand external lookups
  • Explore the default lookups, external_lookup.py
  • Configure external lookups

Topic 5 – KV Store Lookups

  • Introduce KV Store lookups
  • Configure KV Store lookups
  • Compare file-based CSV lookups to KV Store lookups

Topic 6 – Best Practices for Lookups

  • Various best practices for using lookups

Module 6 - Data Models

Topic 1 – Introducing Data Model Datasets

  • Understand data models
  • Add event, search, and transaction datasets to data models
  • Identify event objects hierarchy and constraints
  • Add fields based on eval expressions to transaction datasets

Topic 2 – Designing Data Models

  • Create a data model
  • Add root and child datasets to a data model
  • Add fields to data models
  • Test a data model
  • Define permissions for a data model
  • Upload/download a data model for backup and sharing

Topic 3 – Creating a Pivot

  • Identify benefits of using Pivot
  • Create and configure a Pivot
  • Visualize a Pivot
  • Save a Pivot
  • Use Instant Pivot
  • Access underlying search for Pivot

Topic 4 – Accelerating Data Model

  • Understand the difference between ad-hoc and persistent data model acceleration
  • Accelerate a data model
  • Describe the role of tsidx files in data model acceleration
  • Review considerations about data model acceleration

Topic 5 – Enriching Data

  • Understand how fields from lookups, calculated fields, field aliases, and field extractions enrich data

Splunk Core Certified User

Frequently Asked Questions (FAQs)

  • Why get Splunk certified?

    Splunk certifications validate your expertise in data analytics and your proficiency in using the Splunk platform.

    These certifications demonstrate your ability to leverage Splunk's powerful tools for data collection, analysis, and visualization, making you a valuable asset to organizations seeking to gain actionable insights from their data.

    Splunk-certified professionals are in high demand across various industries, including IT, security, and business analytics.

  • What to expect for the examination?

    Splunk offers a variety of certification exams at different levels, covering various domains and products within the Splunk platform.

    Exams typically consist of multiple-choice and scenario-based questions that assess your knowledge and skills in using Splunk to solve real-world problems.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • How long is Splunk certification valid for?

    All Splunk certifications are valid for three years from the date of passing the highest-level certification exam.

    To maintain your certification, you will need to recertify before it expires. You have three options for recertification:

    - Pursue a higher-level certification (including any required prerequisite courses), in which case your lower-level certifications would also be renewed on the date of passing the next-level certification exam.

    - Retake a certification exam within the final year of your recertification window to renew your certifications at that level (and any applicable downstream certifications).

    - Complete continuing education courses at any point in the three-year recertification window beginning on the date of badge issuance.


  • Why take this course with Trainocate?

    Here’s what sets us apart:

    - Global Reach, Localized Accessibility: Benefit from our geographically diverse training hubs in 24 countries (and counting!).

    - Top-Rated Instructors: Our team of subject matter experts (with high average CSAT and MTM scores) is passionate about helping you accelerate your digital transformation.

    - Customized Training Solutions: Choose from on-site, virtual classrooms, or self-paced learning to fit your organization and individual needs.

    - Experiential Learning: Dive into interactive training with our curated lesson plans. Participate in hands-on labs, solve real-world challenges, and take on comprehensive assessments.

    - Learn From The Best: With 30+ authorized training partnerships and countless awards from Microsoft, AWS, Google – you're guaranteed learning from the industry's elite.

    - Your Bridge To Success: We provide up-to-date course materials, helpful exam guides, and dedicated support to validate your expertise and elevate your career.
