Topic 1 – Intro to Splunk

▪ Splunk components

▪ Basic Splunk functions

Topic 2 – Using Splunk

▪ Define Splunk apps

▪ Understand Splunk user roles

▪ Search & Reporting app

▪ Splunk Web interface

Topic 3 – Using Search

▪ Run basic searches

▪ Set the time range of a search

▪ Save search results

▪ Identify the contents of search results

▪ Work with events

▪ Share search jobs

▪ Export search results

▪ Select search modes

▪ Control a search job

Topic 4 - Exploring Events

▪ Refine searches

▪ Understand timestamps

▪ Use the events tab to add and remove terms from a search

Topic 5 – Search Processing Language

▪ Use wildcards to search for multiple terms

▪ Understand case sensitivity in searches

▪ Use booleans to include and exclude search criteria

▪ Use special characters with search terms

Topic 6 – What are Commands?

▪ Understand the anatomy of Splunk's search language:

o Search terms
o Commands
o Functions
o Arguments
o Clauses

▪ Understand best practices for writing searches

Topic 7 – What are Knowledge Objects?

▪ Identify the five categories of knowledge objects:

o Data interpretation
o Data classification
o Data Enrichment
o Data Normalization
o Data Models
▪ Understand types of knowledge objects

Topic 8 – Creating Reports and Dashboards

▪ Save a search as a report

▪ Edit reports

▪ Use transforming commands to create visualizations

▪ Create a dashboard

▪ Add a report to a dashboard

▪ Edit a dashboard