Splunk How-to, or How and Where to Learn Splunk
In this article we want to share with you useful materials and resources with the help of which you can learn how to work in Splunk. It is clear that the best experience is participation in projects and tampering with our own cones in practice, but still, theory is also important. In this article we will explain how and where it is better to learn Splunk.
1. Books
Splunk Operational Intelligence Cookbook
The book covers many topics that you will encounter when working in Splunk, from data loading to creating advanced analytic reports using XML and Python languages. In the book on each topic there is a step by step instruction with screenshots.
Implementing Splunk Big Data Reporting and Development for Operational Intelligence
This book is very similar to the previous one in terms of the presentation structure with practical examples, but it is less about the simple and focuses on “advanced” search techniques, visualization, configuration of the Splunk architecture, etc. .
Download here
Exploring Splunk Search Processing Language (SPL) Primer And Cookbook
This book focuses on query building and SPL query language: logic, functions, syntax.
You can download it here .
It should be noted that there is nothing new in the books that you will not find in the official documentation, links to which will be in the next section, some functions can already be changed in new versions of Splunk and the current information is better to look there, but still, books information is presented in a simpler and more user-friendly (especially beginner) format.
2. Useful materials and sites
Manuals Splunk Enterprise
The most basic source from which you can get all the latest information on working with Splunk. Everything that can be implemented in Splunk can be found here: instructions for downloading different types of data from various sources, detailed help for each function of the SPL language, instructions for all methods of visualization and reporting, guidance for system administration, troubleshooting, and so on. Each page has several versions depending on which version of Splunk you need.
Among the disadvantages of this guide, I would like to note that there is too much information there to easily find exactly what you need (especially if you are a novice user), as well as a complex system of hyperlinks from one topic to another. Our advice: if you fall into a section, do not try to study it from the middle and look for answers to questions in different parts - read the section completely. Yes, it will take more time, but understanding will be much more.
Link to the resource
Splunk Quick Reference Guide
A small overview of 6 pages, which provides definitions of the basic concepts of the system, as well as the syntax of the language SPL. Usually we use it as a desktop “chitshit”, since the most common commands are gathered there.
Link to the resource
Splunk Answers
A forum in which users ask questions to other users about various difficulties in their work. If you have a problem, but for sure you can find a ready-made solution there or independently ask a question. The main advantage of this forum is that the staff of the splana monitor and apryvyat correct answers. And there you can win a ticket to the annual conference splunk.conf for high karma.
Link to the
Splunk blog resource
The blog contains many articles on trends in the field of information technology and how Splunk is associated with them. It is here that the real cases of using Splunk and various “best practices” are published, and the articles are written by pretty pumped up splankers. However, there, as in all blogs, there are also marketing articles, without them.
Link to resource
Articles on Habré
We regularly publish articles related to the work of Splunk. Instructions for working with the system, integration with other systems and various reviews. We keep a complete list for easy navigation here , it is constantly updated.
3. Video
If someone is too lazy to read, then you can watch. Below we have posted links to various channels with video content. Maybe the video is a little long, but for there you can see which buttons and how to press.
Official educational videos on the site -> link
Youtube channel Splunk -> link
Youtube channel Splunk How-to -> link
Our video
4. Training
Splunk has a lot of official training. The training scheme is about the same: study of theoretical material (video or instructor) and the implementation of practical labs on the test Splunk, then the test and obtaining a certificate. They can be found here .
Basically the courses are paid, but there are some free ones:
Splunk Fundamentals 1
This course covers the Splunk interface, basic elements and their purpose, how to create search queries, use fields for this field, get statistics from your data, create reports, dashboards and warnings (alerts). If you are just starting out, this is a must have.
Splunk User Behavior Analytics
This course explores the interface and functions of the application for Splunk User Behavior Analytics. By and large, this course will show you what UBA is from splank.
Splunk Infrastructure Overview
This course provides an overview of the Splunk Enterprise infrastructure. Users receive information on how to convert a Splunk deployment from one instance to a distributed environment.
Official full-time study in Russia in Russian
From August 2018, you can attend formal full-time study in Russian in Moscow.
Training is conducted in a certified educational center - NTC (Network Training Center) .
At the moment courses are given:
In more detail about NTC and the courses we wrote in this article .
If you are interested in this topic or Splunk as a whole, then write comments, we will be happy to answer you. Subscribe to our VK group and Telegram channel if you want to keep abreast of new articles.