Student Handbook - v. 04.14.

2021

©Splunk Inc.
270 Brannan St.
San Francisco, CA
U.S.A.
 SPLUNK EDUCATION

Student Handbook

Table of Contents

Program Introduction……………………………………………………………..……. 3

Splunk Education Free Content………………….…………………………………….... 5

Learning Paths……………………….………………………………………….………. 6

Course Registration ………………………….…………………………………………. 14

Accessing Your Course …………………………………………………………..……… 16

Training Credits…………..………….…………………………………………………. 17

Instructor On-Demand (IOD) Subscriptions…………………………………………… 18

Candidate Support/FAQ………………………………………………………….……… 19

Splunk EDU End User Agreement……………..…………….……………………….…. 21

Appendix A (Course Detail Documents)……….………………………………….……... 22

Appendix B (Splunk Policies and Terms of Use)……….……………………………….… 28

Splunk Education | Student Handbook 2

PROGRAM INTRODUCTION

Welcome to the world of Splunk Education! From free courses to paid subscriptions, from a few
minutes to a few days, from your first day to your first deployment we are here to help you get the
most out of Splunk—the Data to Everything platform.

Where do I start?

Great question! Here at Splunk, our Data-to-Everything Platform includes everything you need to
ensure your digital initiatives succeed… but how? Leverage our Splunk Education offerings to
empower your people to predict, identify, and solve problems in real time. We can teach you to
answer your own questions across business, IT, DevOps and security functions with world-class
investigative capabilities, intuitive visualizations, and seamless collaboration.

Splunk Education offers focused training programs that enable you to get started quickly and stay
relevant. We greatly enhance the value that Splunk can bring to you and your company. Experience
has shown that attending Splunk education can have an immediate and profound impact on your
staff and your organization. Our goal is to deliver the maximum amount of practical
information in the shortest amount of time to keep your downtime or out-of-office time to a
minimum. We focus on the tasks required to implement, manage, develop and use Splunk, with the
goal of helping you become self-sufficient and productive as quickly as possible.

Splunk courses are offered in the following delivery methods:

● Self-paced eLearning
These courses give students a 30-day window (beginning on the date of registration) to
complete the course at their convenience.

● Self-paced Instructor On-Demand (IOD)

These courses give students a 30-day window (beginning the date of you first access the
course) to complete the course at their convenience and feature blended-learning that
combines self-paced learning with real-time, on-demand interactions with other students
and Splunk expert instructors via built-in chat functionality. These courses include hands-on
lab activities, as well as an engaging mix of video, animation and demos and the option to
schedule a single one-on-one WebEx session with a Splunk expert instructor to dive deeper
into a specific topic.

(continued on next page)

Splunk Education | Student Handbook 3

PROGRAM INTRODUCTION (continued)

● Instructor-led virtual (public)

These public courses are open to all customers and partners and are delivered by a live
instructor via WebEx that can be attended from any location. We understand how adults
learn and have taken virtual classes to the next level. We ensure that maximum
concentration is kept during the 4.5 hour/day classes with engaging instructors, interactive
quizzes and comprehensive hands-on labs.

● Instructor-led classroom (public)

With classrooms across the globe and a new state-of-the-art purpose-built classroom at our
headquarters in San Francisco, we offer in-person training. These classes take you away
from your daily office routine and immerse you into the world of Splunk. We create the ideal
environment to get fast-tracked knowledge of how to get the best from Splunk.

● Instructor-led dedicated virtual (private)

If you have a team to train, you can have a dedicated virtual class delivered by a live
instructor via WebEx to just your employees. Students can attend from any location, but
with the added ability to be able to virtually converse with colleagues and the instructor and
focus the class on the needs of your organization.

● Instructor-led dedicated onsite (private)

If you have a team to train, you can bring a Splunk instructor to your site enabling lively
discussion amongst the attendees related to your company’s specific use of Splunk.

Remember—an investment in education is an investment in success. Past participants in Splunk

Education courses (and certifications) report higher earnings and more promotions than their
industry peers. Organizations that make use of Splunk Education are three times more likely to
accomplish their Splunk-driven business objectives. Ready to get started?

Keep reading to learn more about our current offerings...

Splunk Education | Student Handbook 4

SPLUNK EDUCATION FREE CONTENT

Here are our current free courses:

SPLUNK FUNDAMENTALS PART 1

This course teaches you how to search and navigate in Splunk, use fields, get statistics from your
data, create reports, dashboards, lookups, and alerts. Scenario-based examples and hands-on
challenges will enable you to create robust searches, reports, and charts. It will also introduce you
to Splunk's datasets features and Pivot interface.

SPLUNK INFRASTRUCTURE OVERVIEW

This self-paced course gives users an overview of the Splunk Enterprise infrastructure. Users get a
high-level look at how to grow a Splunk deployment from a single instance to a distributed
environment. With tips and best practices for deploying, extending and integrating Splunk while
showing the user what is happening behind the scenes, this course is a great place to start.

SPLUNK USER BEHAVIOR ANALYTICS (UBA)

In this course we tour the UBA interface, look at how UBA defines threats, discuss steps to take
when responding to possible threats and how to triage false positives.

INTRODUCTION TO SPLUNK IM AND SPLUNK APM

This series of training modules targets Ops, SREs (Site Reliability Engineers), and observability
teams. It provides practical applications of using the Splunk Infrastructure Monitoring platform.
Learn to navigate the user interface and monitor your infrastructure using out-of-the-box Splunk IM
functionality.

Want more free content? Of course you do! Please see here for additional resources including
micro-training, use-case videos, platform walk-throughs, and more!

Splunk Education | Student Handbook 5

LEARNING PATHS

With such an extensive list of courses available, some students don’t know where to start (or stop!).
This is why we’ve put together Learning Paths designed to give students everything they need to
become true subject matter experts in their desired field.

COURSES FOR USERS

Splunk Education's learning path for power users takes you from investigative keyword searches to
creating rich reports and visualizations to becoming a Splunk search expert!

● Fundamentals 1
● Fundamentals 2
● Fundamentals 3
● Creating Dashboards with Splunk
● Advanced Searching & Reporting
● Splunk for Analytics and Data Science
● Splunk Infrastructure Overview

Download the pdf here

Pro tip: Candidates who complete the learning path above are eligible for the Splunk Core
Certified User, Splunk Core Certified Power User, and Splunk Core Certified Advanced Power
User certification exams (in that order).

(continued on next page)

Splunk Education | Student Handbook 6

LEARNING PATHS (continued)

COURSES FOR SPLUNK ADMINISTRATORS

Whether you're responsible for a single Splunk instance or a massive distributed deployment, our
Administrator curriculum teaches you the concepts, tasks, and best practices to keep your Splunk
installation happy, healthy, and growing.

● Fundamentals 1
● Fundamentals 2
● Splunk Enterprise System Administration
● Splunk Enterprise Data Administration
● Troubleshooting Splunk Enterprise
● Splunk Enterprise Cluster Administration
● Implementing Splunk SmartStore
● Splunk Workload Management
● Working with Metrics in Splunk
● Implementing Splunk Data Stream Processor

Download the pdf here

Pro tip: Candidates who complete the learning path above and hold the Splunk Core Certified
Power User certification are eligible for the Splunk Enterprise Certified Admin certification exam.

(continued on next page)

Splunk Education | Student Handbook 7

LEARNING PATHS (continued)

COURSES FOR CLOUD CUSTOMERS

Splunk Education's learning path for Splunk Cloud customers offers courses for end users as well
those in charge of managing Splunk Cloud users, data inputs, and configurations.

● Fundamentals 1
● Fundamentals 2
● Fundamentals 3
● Creating Dashboards with Splunk
● Advanced Searching & Reporting
● Splunk for Analytics and Data Science
● Splunk Cloud Administration
● Transitioning to Splunk Cloud

Download the pdf here

Pro tip: Candidates who complete the learning path above are eligible for the Splunk Core
Certified User, Splunk Core Certified Power User, and Splunk Core Certified Advanced Power
User or the Splunk Cloud Certified Admin certification certification exams (in that order). Please
see the certification tracks for more information.

(continued on next page)

Splunk Education | Student Handbook 8

LEARNING PATHS (continued)

COURSES FOR SPLUNK ARCHITECTS

Learn concepts and best practices for sizing, scaling, and deploying Splunk across your organization.

● Fundamentals 1
● Fundamentals 2
● Fundamentals 3
● Creating Dashboards with Splunk
● Advanced Searching & Reporting
● Splunk Enterprise System Administration
● Splunk Enterprise Data Administration
● Troubleshooting Splunk Enterprise
● Splunk Enterprise Cluster Administration
● Architecting Splunk Enterprise Deployments

Download the pdf here

Pro tip: Candidates who complete the learning path above, the Splunk Enterprise Practical Lab,
and hold the Splunk Enterprise Certified Admin certification are eligible for the Splunk Enterprise
Certified Architect certification exam.

(continued on next page)

Splunk Education | Student Handbook 9

LEARNING PATHS (continued)

COURSES FOR APP DEVELOPERS

Harness the power of Splunk's Web Framework. Create rich, interactive dashboards and forms, and
package Splunk knowledge objects for distribution across your organization, or share your
masterpiece with the world on the Splunk Apps site.

● Fundamentals 1
● Fundamentals 2
● Fundamentals 3
● Creating Dashboards with Splunk
● Advanced Searching & Reporting
● Advanced Dashboards & Visualizations
● Building Splunk Apps
● Developing with Splunk's REST API

Download the pdf here

Pro tip: Candidates who complete the learning path above and hold either the Splunk Enterprise
Certified Admin certification or the Splunk Cloud Certified Admin certification are eligible for the
Splunk Certified Developer certification exam.

(continued on next page)

Splunk Education | Student Handbook 10

LEARNING PATHS (continued)

COURSES FOR ENTERPRISE SECURITY ADMINISTRATORS

Learn to install, configure, manage, and use the Splunk App for Enterprise Security. This path is
intended for Splunk Administrators that manage Splunk Enterprise Security deployments.

● Fundamentals 1
● Fundamentals 2
● Fundamentals 3
● Creating Dashboards with Splunk
● Advanced Searching & Reporting
● Splunk Enterprise System Administration
● Splunk Enterprise Data Administration
● Architecting Splunk Enterprise Deployments
● Administering Splunk Enterprise Security

Download the pdf here

Pro tip: Candidates who complete the learning path above are eligible for the Splunk Enterprise
Security Certified Admin certification exam.

COURSES FOR ENTERPRISE SECURITY END-USERS

This path prepares security practitioners to use Splunk Enterprise Security (ES). Students will use
ES to identify and track security incidents, analyze security risks, use predictive analytics, and threat
discovery.

● Fundamentals 1
● Fundamentals 2
● Fundamentals 3
● Creating Dashboards with Splunk
● Advanced Searching & Reporting
● Using Splunk Enterprise Security

Download the pdf here

(continued on next page)

Splunk Education | Student Handbook 11

LEARNING PATHS (continued)

COURSES FOR IT SERVICE INTELLIGENCE ADMINISTRATORS

Learn to install, configure, manage, and use Splunk for IT Service Intelligence (ITSI). Learn about
ITSI architecture, deployment planning, installation, service design and implementation.

● Fundamentals 1
● Fundamentals 2
● Fundamentals 3
● Creating Dashboards with Splunk
● Advanced Searching & Reporting
● Splunk Enterprise System Administration
● Splunk Enterprise Data Administration
● Implementing Splunk IT Service Intelligence

Download the pdf here

Pro tip: Candidates who complete the learning path above are eligible for the Splunk IT Service
Intelligence Certified Admin certification exam.

COURSES FOR IT SERVICE INTELLIGENCE END-USERS

Learn to use Splunk IT Service Intelligence features, such as Service Analyzer, Notable Events
Review, Glass Tables, Deep Dives, KPI Alerts and more.

● Fundamentals 1
● Fundamentals 2
● Fundamentals 3
● Creating Dashboards with Splunk
● Advanced Searching & Reporting
● Using Splunk IT Service Intelligence

Download the pdf here

(continued on next page)

Splunk Education | Student Handbook 12

LEARNING PATHS (continued)

COURSES FOR PHANTOM CUSTOMERS

Splunk Education's learning path for Phantom customers teaches you how to install and configure
Phantom, and achieve orchestration and automation tasks through Phantom playbook development.

● Administering Phantom
● Developing Phantom Playbooks
● Advanced Phantom Implementation

Download the pdf here

Pro tip: Candidates who complete the learning path above are eligible for the Splunk Phantom
Certified Admin certification exam.

COURSES FOR OBSERVABILITY CUSTOMERS

Splunk Education's learning path for Observability includes individual courses that teach you core
skills for infrastructure and microservices monitoring, practical applications of using the
Observability User Interfaces and API best practices. Each course has been designed to help users at
different levels become proficient at working with the Splunk's Observability solutions.

● Observability Fundamentals Series

● Using Splunk Infrastructure Monitoring
● Kubernetes Monitoring with Splunk
● Automation Using the REST and SignalFlow APIs
● Using the Splunk Terraform Provider
● Sending Custom Metrics to Splunk IM
● Using Splunk APM to Monitor Microservices-based Applications
● Advanced Monitoring of Microservices Applications Using Splunk APM

Download the pdf here

Splunk Education | Student Handbook 13

COURSE REGISTRATION

To register for a Splunk Education course, all students must first create a Splunk.com account. Any
issues encountered in creating an account or logging into an account should be directed to Splunk
Support (we recommend calling your regional help line for the quickest assistance).

There are several ways to pay/register for a course (instructions can also be found here):

ENROLLING USING EDU CREDITS/PASSKEY

1. Use the Catalog to browse by course or use the Schedule page to browse the schedule
for Instructor-Led-Training.
2. For Instructor-on-Demand classes, click the "Register" button. For live instructor-led
classes (virtual or classroom) click the dates in the time-zone/location that best suits
your schedule.
3. Please review the Terms and Conditions and check the box. Click "Register". You can use
the "Continue Shopping" link to add more classes to your cart.
4. Review the details on the page and, when ready, click "Checkout". You will be prompted
to login. If you do not have a Splunk.com account, you can create one from the next
screen.
5. Complete any missing fields.
6. Select the Training Passkey payment type and enter your passkey in that field. If you do
not know your passkey, please contact your internal coordinator.
7. Agree to the Terms and Conditions (yes—again!).
8. Click "Confirm Order". If your company has set the passkey to auto-approve your
registration will be confirmed immediately. Otherwise, the owner of your credits
account will receive a notification requesting approval. Your registration will be
tentative until the use of the credits is approved.

(continued on next page)

Splunk Education | Student Handbook 14

COURSE REGISTRATION (continued)

ENROLLING WITH A CREDIT CARD

1. Use the Catalog to browse by course or use the Classes page to browse the schedule for
Instructor-Led Training.
2. For Instructor-on-Demand classes, click the "Register" button. For live instructor-led
classes (virtual or classroom) click the dates in the time-zone/location that best suits
your schedule.
3. Be sure to read the Terms and Conditions and check the box. Click "Register". You can
use the "Continue Shopping" link to add more classes to your cart.
4. Review the details on the page and, when ready, click "Checkout". You will be prompted
to login. If you do not have a Splunk.com account, you can create one from the next
screen.
5. Complete any missing fields.
6. Select the "Credit Card" Payment Type and enter your card details
7. Agree to the Terms and Conditions, once more for good measure!
8. Click "Confirm Order". Your registration will automatically be confirmed!

ENROLLING WITH YOUR COMPANY’S INSTRUCTOR-ON-DEMAND SUBSCRIPTION

1. Please select the subscription package your company has. If you are not sure, please
contact your account team.
○ Splunk User Foundations Subscription
○ Splunk User Advanced Subscription
2. Note that subscription pricing is not adjusted until you have added a course to your cart
and are logged in. Only Instructor-on-Demand (IOD) courses are included in
subscription packages.

Splunk Education | Student Handbook 15

ACCESSING YOUR COURSE

Once you’ve registered for a course, you will receive a confirmation email at the email address you
used to create your Splunk Education account with specific instructions. Please carefully review
these instructions, as they may include a system compatibility check which should be completed
prior to the start date of the course. This is especially true for instructor-led courses.

When you’re ready to access your course, visit your training profile. Courses you have registered
for will be displayed at the bottom of the page. If you are having problems finding your courses,
click the My Learning tab, and use the Filter Results drop-down to filter courses by status. Once
you have found the course, click the View Details button for additional instructions.

Similarly, access eLearning/IOD courses as described above or directly from the confirmation
email you received. If accessing from your training profile, click the Resume Course/Pathway
button to launch it. Remember: eLearning/IOD classes have a 30-day time limit. This clock
starts as soon as you start the course.

Before launching a course, we suggest you use the test link at https://splk.it/2TKvg6K to verify
that it will work with your system or network.

Splunk Education | Student Handbook 16

TRAINING CREDITS

Splunk Education offers training credits to provide flexibility and volume discounts. Training credits
can be used for all education offerings, delivery methods and certification exams*. Training credits
can also be used by anyone within your organization to provide the right training, at the right time,
throughout the 12-month term.

Each training credit is valued at $500/credit. The number of training credits required for each class
and delivery method can be found here https://education.splunk.com/pricing and the volume
discounts are outlined below.

Training Credit Volume Discounts

Number List Price Discount Final Price

of Credits

50 $25,000 2% $24,500

100 $50,000 5% $47,500

200 $100,000 10% $90,000

*Please note, Splunk Education uses the passkey or SO to pay for the course. Splunk Certification exams
require voucher codes for use on the Pearson VUE platform. To request an exam registration voucher,
please contact [email protected] (and include your SO in the request).

Splunk Education | Student Handbook 17

INSTRUCTOR ON-DEMAND (IOD) SUBSCRIPTIONS

Splunk Education Instructor On-Demand (IOD) subscriptions allow everyone in your organization
to fully utilize Splunk. For one year, anyone within a single @company.com domain can be successful
by completing the self-paced IOD courses included in each subscription.

Splunk User Foundations Subscription

Splunk Fundamentals 1
Splunk Fundamentals 2

Splunk User Advanced Subscription

Splunk Fundamentals 1
Splunk Fundamentals 2
Splunk Fundamentals 3
Advanced Searching and Reporting
Creating Dashboards with Splunk

Please view additional information here Splunk Education Instructor On-Demand (IOD)
Subscriptions. Please contact [email protected] for pricing.

Splunk Education | Student Handbook 18

CANDIDATE SUPPORT/FAQ

Below are some of the most frequently-asked questions fielded by our Education Ops Team.
Please also refer to our Program Guide and Splunk Education FAQ for the most up-to-date FAQ
and information. Any questions not answered here can be directed to
[email protected] (regardless of region, this is our primary mailbox for assistance).

Q: How much do courses cost?

A: Please see Appendix A for course descriptions, duration, and pricing details. This information is
also available via our pricing list.

Q: What is the difference between a learning path and a certification track?

A: Learning paths are designed to give students a comprehensive list of courses which includes all
the information they need to become a subject matter expert. Course prerequisites are detailed on
each of the course pdfs. See Appendix A for more information. Certification tracks include only the
courses used to generate the exam content. Many tracks contain recommended prerequisite
courses, but candidates with extensive knowledge and experience can still successfully pass the
exam without completing the coursework. Highly technical tracks often include required
prerequisite courses which must be completed by all candidates, regardless of experience. For more
information, please refer to our Splunk Certification Candidate Handbook.

Q: I completed a course. How do I access my certificate of completion?

A: Please login here to access your completion certificates.

Q: I was unable to complete my eLearning/IOD course within the 30 days. Can I request an extension?
A: Please send a request to [email protected] to see if you are eligible for an
extension. Note that an administrative fee may be due.

Q: I completed an eLearning/IOD course and want to practice the labs again. Can I regain access?
A: No. Once a course has been completed and expired, we cannot grant additional access.

Q: I want to use my course materials to study for a certification exam, but no longer have them. Where
can I download them?
A: Please send a request to [email protected] for assistance.

(continued on next page)

Splunk Education | Student Handbook 19

CANDIDATE SUPPORT/FAQ (continued)

Q: When do EDU credits expire? Is there a way to get an extension?

A: EDU credits expire 12 months from the date of purchase. This means that the courses must
begin prior to the expiration date. Splunk has released a training credit extension SKU
(EDU-UNIT-EXT) which enables customers to extend their training credits for an additional 12
months for only $2,500. This extension cannot be purchased with existing credits. Cannot be used
for credits that were previously extended for any reason and must be purchased before the
expiration date.

Q: I have existing EDU credits. Can I use them for certification exam registration?
A: Yes! One (1) EDU credit can be used to purchase a five-pack of exam registration vouchers. Please
send a request to [email protected] for assistance. Partner credits which were purchased
at a discounted price of $250/credit can be used, as well, with (2) EDU credits equalling a five-pack
of exam registration vouchers.

Q: In what languages are instructor-led courses available? In which time zones?

A: Our instructor-led courses are currently available in English, Spanish, French, Portuguese, and
Mandarin. Translators can be hired, as needed (at the expense of the customer). Courses are
globally available in several time zones. Please note: the location for virtual courses indicates the
time zone for delivery.

Splunk Education | Student Handbook 20

SPLUNK EDUCATION USER AGREEMENT

Splunk Education Store Terms and Conditions

The above policies are not included in full in the Education Handbook as they are subject to
change and are best referenced via our website to ensure the most current, accurate
information is available.

Splunk Education | Student Handbook 21

APPENDIX A

Here is a complete list of our current paid course offerings, in alphabetical order.

Each of the below courses may include prerequisite coursework. These courses include modules, labs,
and may include quizzes or knowledge checks. Please visit the course pages linked in each header for
more information, as well as scheduling and registration information.

Unsure of which courses you need? Please review the Learning Paths here. Looking for continuing
education courses to recertify with Splunk Certification? Please see our Recertification Policy for
which courses qualify for each specific certification track.

ADMINISTERING PHANTOM
This 9-hour course prepares IT and security practitioners to install, configure and use a Phantom
server in their environment and will prepare developers to attend the playbook development
course. download pdf ($1,000/2 credits)

ADMINISTERING SPLUNK ENTERPRISE SECURITY

This 13.5-hour course prepares architects and systems administrators to install, configure and
manage Splunk Enterprise Security. It covers ES event processing and normalization, deployment
requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol
intelligence configuration, and customizations. download pdf ($1,500/3 credits)

ADVANCED DASHBOARDS & VISUALIZATIONS

This 4.5-hour course is designed for advanced users who want to create SplunkJS-based dashboards
and forms. It focuses on creating dashboards, adding inputs, using event handlers and creating
Splunk Custom Visualizations. download pdf ($500/1 credit)

ADVANCED MONITORING OF MICROSERVICES APPLICATIONS USING SPLUNK APM

This 4.5-hour course targeted to developers and DevOps enables you to use the Splunk APM to
analyze traces, troubleshoot and monitor your microservices-based applications. Through
in-person discussions and hands-on activities, learn to deploy Splunk APM and use
auto-instrumentation to send in traces without altering your code. Use manual instrumentation to
create spans and add metadata to spans. You will also see how to configure and deploy the
OpenTelemetry Collector. download pdf ($500/1 credit)

ADVANCED PHANTOM IMPLEMENTATION

This 13.5-hour virtual course is intended for experienced Phantom consultants who will be
responsible for complex Phantom solution development, and will prepare the attendee to integrate
Phantom with Splunk as well as develop playbooks requiring custom coding and REST API usage.
download pdf ($1,500/3 credits)

Splunk Education | Student Handbook 22

ADVANCED SEARCHING & REPORTING
This 13.5-hour virtual course focuses on more advanced search and reporting commands.
Scenario-based examples and hands-on challenges enable users to create robust searches, reports,
and charts. Students are coached step by step through complex searches to produce final results.
Major topics include optimizing searches, additional charting commands and functions, formatting
and calculating results, correlating events, and using combined searches and subsearches.
download pdf ($1,500/3 credits)

ARCHITECTING SPLUNK ENTERPRISE DEPLOYMENTS

This 9-hour virtual course focuses on large enterprise deployments. Students will learn steps and
best practices for planning, data collection and sizing for a distributed deployment. download pdf
($1,500/3 credits)

AUTOMATION USING THE REST AND SIGNALFLOW APIs

This 9-hour course provides the foundation for you to use the API to automate bulk actions such as
the creation of charts, dashboards, and alerts. See how to programmatically perform computations
that can be used in charts and detectors or streamed in real-time. Use the API to manage SplunkIM
Teams. download pdf ($1,000/2 credits)

BUILDING SPLUNK APPS

This 9-hour virtual course focuses on Splunk Enterprise app development. It's designed for
advanced users, administrators, and developers who want to create apps using the Splunk Web
Framework. Major topics include planning app development, creating data generators and data
inputs; the REST API, setup screens, KV Store, and app packaging. download pdf ($1,500/3 credits)

CORE CONSULTANT LABS

This package consists of a self-paced eLearning course focused on base configs and best practices
for props.conf, along with six self-paced labs. The material in this bundle is designed to give a
Splunk Consultant knowledge and practice in preparation for the Splunk Core Implementation
course and the Splunk Core Certified Consultant exam. download pdf (free for all qualified
candidates)

CREATING DASHBOARDS WITH SPLUNK

This 9-hour course is designed for power users who want to create fast and efficient views that
include customized charts, drilldowns, advanced behaviors and visualizations. Major topics include
using tokens, global searches, event handlers, dynamic drilldowns and simple XML extensions for
JavaScript and CSS. download pdf ($1,000/2 credits)

Splunk Education | Student Handbook 23

DEVELOPING PHANTOM PLAYBOOKS
This 9-hour introductory course prepares IT and security practitioners to plan, design, create and
debug basic playbooks for Phantom. Students will learn fundamentals of Phantom playbook
capabilities, creation and testing. This course is a prerequisite for the Advanced Phantom
Implementation course. download pdf ($1,000/2 credits)

DEVELOPING WITH SPLUNK’S REST API

This 9-hour course teaches you to use the Splunk REST API to accomplish tasks on a Splunk server.
In this course, you will use curl and Python to send requests to Splunk REST endpoints and will
learn how to parse the results. The course will show you how to create a variety of objects in
Splunk, how to work with and apply security to Splunk objects, issue different types of searches,
and ingest data. download pdf ($1,000/2 credits)

FUNDAMENTALS PART 1
This 9-hour course teaches you how to search and navigate in Splunk, use fields, get statistics from
your data, create reports, dashboards, lookups, and alerts. Scenario-based examples and hands-on
challenges will enable you to create robust searches, reports, and charts. It will also introduce you
to Splunk's datasets features and Pivot interface. download pdf ($1,000/2 credits)

FUNDAMENTALS PART 2
This 18-hour course focuses on searching and reporting commands as well as on the creation of
knowledge objects. Major topics include using transforming commands and visualizations, filtering
and formatting results, correlating events, creating knowledge objects, using field aliases and
calculated fields, creating tags and event types, using macros, creating workflow actions and data
models, and normalizing data with the Common Information Model (CIM). download pdf ($2,000/4
credits)

FUNDAMENTALS PART 3
This 18-hour course focuses on additional search commands as well as advanced use of knowledge
objects. Major topics include advanced statistics and eval commands, advanced lookup topics,
advanced alert actions, using regex and erex to extract fields, using spath to work with
self-referencing data, creating nested macros and macros with event types, and accelerating reports
and data models. download pdf ($2,000/4 credits)

IMPLEMENTING SPLUNK DATA SYSTEM PROCESSOR (DSP)

This 18-hour course is designed for the experienced Splunk administrators who are new to Splunk
DSP. This hands-on class provides the fundamentals of deploying a Splunk DSP cluster and
designing pipelines for core use cases. It covers installation, source and sink configurations, pipeline
design and backup, and monitoring a DSP environment. download pdf ($2,000/4 credits)

Splunk Education | Student Handbook 24

IMPLEMENTING SPLUNK IT SERVICE INTELLIGENCE
This 18-hour virtual course prepares consultants to install and configure Splunk's app for IT Service
Intelligence (ITSI). Students will learn to use ITSI to monitor mission-critical services. Topics
include ITSI architecture, deployment planning, installation, service design and implementation,
configuring entities, notable events, and developing glass tables and deep dives. download pdf
($2,000/4 credits)

IMPLEMENTING SPLUNK SMARTSTORE

This 4.5-hour course is designed for the experienced Splunk system administrator. This hands-on
class is designed to provide the essential knowledge for deploying and managing Splunk
SmartStore. It covers SmartStore deployment options, cache manager configurations, monitoring,
and troubleshooting of SmartStore implementation. download pdf ($500/1 credit)

KUBERNETES MONITORING WITH SPLUNK

This 4.5-hour course is targeted to Site Reliability Engineers / DevOps Engineers / Application
Developers who deploy to and manage Kubernetes clusters. This course teaches the skills you need
to monitor and troubleshoot your Kubernetes infrastructure with Splunk. You will learn to track and
alert on the status of your installation using built-in tools focused on Kubernetes to introspect
clusters from multiple perspectives and identify potential trouble indicators. Through in-person
discussions and hands-on activities learn multiple ways you can view and automate the monitoring
of your clusters and running jobs. download pdf ($500/1 credit)

SENDING CUSTOM METRICS TO SPLUNK IM

This 9-hour course, targeted towards developers and DevOps, focuses on creating custom metrics to
monitor your applications/services with Splunk IM. Learn to instrument applications/services to
send in custom metrics that characterize the application of service. Define relevant metadata for
your metrics to let you find, filter and aggregate the metrics on which you want to chart or alert.
Create charts and custom dashboards to visualize these custom metrics. Create detectors to monitor
the metrics to alert when there are any issues with the application or service. download pdf
($1,000/2 credits)

SERVICES CORE IMPLEMENTATION

This 5-day instructor-led course covers how to make Splunk Enterprise run efficiently in setting up
large clustered Splunk environments using best practices. The class evaluates your ability to
successfully deploy Splunk Enterprise in several scenarios, including Search Head Cluster, Indexer
Cluster, and distributed environments. You will also create advanced dashboards and alerts to
ensure customers get the most value from their Splunk environment. download pdf ($4,500/9
credits)

Splunk Education | Student Handbook 25

SPLUNK CLOUD ADMINISTRATION
This 13.5-hour hands-on course prepares administrators to manage users and get data in Splunk
Cloud. Topics include data inputs and forwarder configuration, data management, user accounts,
and basic monitoring and problem isolation. The focus in this class is the knowledge, best practices,
and configuration details for Splunk Cloud. download pdf ($1,500/3 credits)

Please note: Search head clustered deployment topics will NOT be covered in this class.

SPLUNK DEPLOYMENT PRACTICAL LAB

This 24-hour practical lab exercise is designed to take you through the tasks of a complete mock
deployment. Each participant is given access to a specified number of Linux servers and a set of
requirements. Participants then perform a mock deployment according to requirements which
adhere to Splunk Deployment Methodology and best-practices. download pdf ($1,000/2 credits)

SPLUNK ENTERPRISE CLUSTER ADMINISTRATION

This 13.5-hour virtual course is for an experienced Splunk Enterprise administrator who is new to
Splunk Clusters. The course provides the fundamental knowledge of deploying and managing
Splunk Enterprise in a clustered environment. It covers installation, configuration, management,
and monitoring of Splunk clusters. download pdf ($1,500/3 credits)

Please note: While Splunk Clusters are supported in Windows environments, the class lab
environment is running Linux instances only.

SPLUNK ENTERPRISE DATA ADMINISTRATION

This 13.5-hour virtual course is designed for system administrators who are responsible for getting
data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders
and methods to get remote data into Splunk indexers. It covers installation, configuration,
management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server
components. download pdf ($1,500/3 credits)

SPLUNK ENTERPRISE SYSTEM ADMINISTRATION

This 9-hour virtual course is designed for system administrators who are responsible for managing
the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk
license manager, indexers and search heads. It covers configuration, management, and monitoring
core Splunk Enterprise components. download pdf ($1,000/2 credits)

SPLUNK FOR ANALYTICS & DATA SCIENCE

This 13.5-hour virtual course covers implementing analytics and data science projects using
Splunk's statistics, machine learning, built-in and custom visualization capabilities. download pdf
($1,500/3 credits)

Splunk Education | Student Handbook 26

SPLUNK WORKLOAD MANAGEMENT
This 4.5-hour course provides the fundamentals of using the Workload Management (WLM) feature
in Splunk. In this course, you will learn about WLM concepts and features, requirements to
configure WLM in the Splunk environment, using workload pools and rules, and allocating WLM
resources. download pdf ($500/1 credit)

TRANSITIONING TO SPLUNK CLOUD

This 9-hour instructor-led course highlights key differences between Splunk Enterprise deployed
on-premises and Splunk Enterprise Cloud to enableSplunk Administrators to transition to Splunk
Cloud. The course provides the skills and knowledge for Splunk Cloud administrators to collect and
ingest data as well as manage their cloud environment and maintain a productive Splunk SaaS
deployment. download pdf ($1,000/2 credits)

TROUBLESHOOTING SPLUNK ENTERPRISE

This 9-hour virtual course is designed for Splunk administrators. It covers topics and techniques for
troubleshooting a standard Splunk distributed deployment using the tools available on Splunk
Enterprise. It is a lab-oriented class designed to help you gain troubleshooting experience before
attending more advanced courses. You will debug a distributed Splunk Enterprise environment
using the live system and simulated case logs. download pdf ($1,000/2 credits)

Please note: This course does not cover the issues surrounding Splunk Cloud, Splunk Clusters, or
Splunk premium apps.

USING SPLUNK APM TO MONITOR MICROSERVICES-BASED APPLICATIONS

This 4.5-hour course targeted to developers and DevOps enables you to use Splunk APM to analyze
traces, troubleshoot and monitor your microservices-based applications. Through in-person
discussions and hands-on activities you will deep dive into uses of distributed tracing, navigating
the Splunk APM app to analyze traces, visualize and alert on APM metrics. download pdf ($500/1
credit)

USING SPLUNK ENTERPRISE SECURITY

This 13.5-hour course prepares security practitioners to use Splunk Enterprise Security (ES).
Students will use ES to identify and track security incidents, analyze security risks, use predictive
analytics, and threat discovery. download pdf ($1,500/3 credits)

USING SPLUNK INFRASTRUCTURE MONITORING

This 9-hour comprehensive course targets Ops, SREs (Site Reliability Engineers), and observability
teams. It provides practical applications of using the Infrastructure Monitoring product. Learn to
navigate the user interface and monitor your infrastructure using out-of-the-box SplunkIM
functionality. download pdf ($1,000/2 credits)

Splunk Education | Student Handbook 27

USING SPLUNK IT SERVICE INTELLIGENCE
This 4.5-hour course teaches students to use Splunk IT Service Intelligence features, such as Service
Analyzer, Notable Events Review, Glass Tables, Deep Dives, KPI Alerts and more. download pdf
($500/1 credit)

USING THE SPLUNK TERRAFORM PLATFORM

This 9-hour course targeted towards DevOps, Observability and Software Reliability Engineers
teams is a follow-up to the course “Automation Using theREST and SignalFlow APIs”. Learn to use
the Splunk Terraform provider to manage Splunk Infrastructure Monitoring resources for
visualization, alerting, and teams. Create and manage detectors and muting rules. Learn to create
and modify teams including team notification policies. download pdf ($1,000/2 credits)

WORKING WITH METRICS IN SPLUNK

This 9-hour course provides Splunk users in-depth information about metrics, ingesting and
searching metrics data, and how to use the Metrics Workspace to analyze and create visualizations.
download pdf ($1,000/2 credits)

Splunk Education | Student Handbook 28

APPENDIX B

Splunk Privacy Policy

Splunk Terms of Use

The above policies are not included in full in the Education Handbook as they are subject to
change and are best referenced via our website to ensure the most current, accurate
information is available.

Splunk Education | Student Handbook 29