Splunk Core Certified User Certification Quick Tips

I’m happy to share with you all that I have successfully completed the Splunk Core Certified User certification. Here is my personal take on the exam.

  • My background: I have been using Splunk at my job for day-to-day activities, so if you have experience with Splunk, the complexity level is easy.
  • However, if you are starting fresh, I would recommend completing all the labs mentioned in the training and thoroughly practicing the commands mentioned below.
  • And pay special attention to the Context Menus on each of the different screens.
  • Take notes of the best practices mentioned in the Splunk Fundamentals 1 training course.
  • I am providing some quick refresher topics and highlighting some of the areas that I hadn’t paid attention to and had to spend a little more time answering carefully during the exam.

Please use this as a quick guide to the topics that you need to pay attention to while preparing for the Splunk Core Certified User certification.

My intention is not to give all the questions and answers that I got in the exam but to give you a quick idea of some minor details we often don’t pay attention to while performing Splunk labs or even in day-to-day activities with Splunk. So I’m going to put together some areas that you need to pay attention to.

Disclaimer: This is not a comprehensive list of topics. The points are based on my personal experience, so please try to use this as a refresher for topics that need to be covered before taking the exam.

  • Search
    • Search screen time zone, zoom options, time picker
    • _time, earliest and latest options
    • Search sidebar context menus
      • Add All
    • Selected Fields and Interesting Fields
      • Sourcetype, host, index, etc.
      • How to make an interesting field a selected field, and what happens
    • Color codes for different operations (blue, orange, etc.)
    • Jobs default settings
  • Operators
    • Implicit and explicit operators
      • AND, OR
    • Order of execution and parentheses
    • Key/value pair operators (=, < and >)
  • Commands
    • Stats command syntax and aggregate functions
    • Top and Rare default settings / default results
    • Constraints that can be applied on common commands, e.g. showperc on top
    • Splunk commands to pay special attention to: stats, table, distinct count, fields +, fields -, rename, top, rare, sort, inputlookup, etc.
    • Validate lookups and simple lookup
  • Splunk Screens
    • Column headers / navigation menus / sorting options available on each of the screens, like Search / Reports / Alerts
    • User Preference settings
    • Edit Job Settings
    • Options on different available context menus
  • Splunk best practices
    • fields + and fields -
    • Wild character search best practices
    • Performance best practices
    • Please take notes of all the best practices covered in the Splunk Fundamentals 1 training session
  • Visualization
    • Line charts, bar charts
    • Ways to create reports, alerts and dashboards, and best practices
  • Splunk Components
    • Get high-level knowledge of the main components like indexer, forwarder, etc.
    • Paths to external scripts / configurations

Once again, all of these are already covered in the blueprint of the Splunk Fundamentals course guide. However, please pay attention to some of the highlighted points, which we often don’t pay enough attention to while practicing the labs. And again, please try to use this as a refresher for topics that need to be covered before taking the exam.

All the Best!