
Search Results

102 results found

  • Splunk SOAR Certified Automation Developer

    This certification demonstrates an individual's ability to install and configure a SOAR server, integrate it with Splunk, and plan, design, create, and debug playbooks. Formerly referred to as Splunk Phantom Certified Admin. Please note: There are no pre-requisite courses or certifications required to attempt this exam but all candidates are expected to have working knowledge and experience as either Splunk Cloud or Splunk Enterprise Administrators. Learning Path We suggest candidates looking to prepare for this exam complete Splunk Fundamentals 1 or the following Single subject courses: Paid Training Paid Cert Exam Administering Splunk SOAR, Investigating Splunk Incidents with SOAR, Developing SOAR Playbooks, Advanced SOAR Implementation, Splunk SOAR Certified Automation Developer. Splunk Certifications Exam How to register for your exam There are two ways to purchase a PearsonVUE registration voucher: 1. Directly from PearsonVUE. This is the most streamlined approach. Follow the steps for account creation and exam registration provided at home.pearsonvue.com/splunk. Payment will be collected at the time of registration. You can also visit the Pearson VUE voucher store for direct purchase. 2. From Splunk. Individuals or companies could use Splunk Education Training Units and convert them to certification vouchers. 50 Education training units can be converted to 5 certification vouchers or 13 Education training units can be converted to 1 certification voucher. Education training units can only be converted within 1 year of purchase. 
Email certification@splunk.com with the TUA number to begin the process of confirming eligibility and converting. Voucher codes will be emailed and distribution and management is at the sole discretion of the customer. Vouchers expire approximately one year from the date of issue. Exams must take place on or before Voucher expiration date. All scheduled exams are subject to a minimum 48-hour cancellation and/or rescheduling policy. Failure to cancel or reschedule an exam within this timeframe results in forfeiture of registration fee. One of the best trainers I've had - keeps content relevant & explains the tasks in easily understood language. Extremely knowledgeable in all fields relating to the content. Well paced & accommodated to everyone's questions & progress. Participant, Splunk Enterprise Data Administration

  • Splunk Fundamentals 2 Training Legacy Course Information delivered by INGENIQ

    Splunk Fundamentals 2 - Legacy Course Information The Splunk Fundamentals 2 course focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Information Model (CIM). The Splunk Fundamentals 2 course has been replaced by shorter Splunk single-subject course modules; this page has been retained to assist customers. To see which courses have replaced Splunk Fundamentals 2 and book the equivalent course, see the Single-subject to Multi-subject course mapping. Alternatively contact one of our Training Consultants on 1300 245 802 or email sales@ingeniq.com.au. The instructor was very responsive to questions and queries both private and communal. Final module collaborative lab walkthrough on screen was particularly helpful. Participant, Splunk Fundamentals 2 Splunk Fundamentals 2 - Course Topics Transforming commands and visualisation Filtering and formatting results Correlating events Knowledge objects Fields (field aliases, field extractions, calculated fields) Tags and event types Macros Workflow actions Data models Splunk Common Information Model (CIM) Class Format Instructor-led lecture with labs. 
Delivered via virtual classroom or at your site Course Prerequisites Splunk Fundamentals 1 or the following single subject courses What is Splunk Intro to Splunk Using Fields Scheduling Reports & Alerts Visualisations Intro to Knowledge Objects Related Certifications Splunk Core Certified Power User Splunk Core Certified Advanced Power User Splunk Enterprise Certified Admin Splunk Enterprise Certified Architect Splunk Core Certified Consultant Splunk Fundamentals 2 - Audience Anyone whose role requires them to view or run reports within Splunk. Previous attendees have had various roles within their organisations such as Consultants, IT Operations/Security, Business Intelligence/Business Analysts and Marketing Professionals, Solution Architects and Application Developers. After completing the Splunk Fundamentals 2 course you will be able to Create searches using the Splunk Search Processing Language Use many common search commands to create statistics, evaluate data, sort, rename and add totals Create tables and charts using your newfound search commands Customise charts by adding filters to show only certain data, create stacked charts and charts based on time Perform calculations on your event data, use conditional expressions Correlate data using transactions Learn to create valuable knowledge objects which you can reuse time and time again Extract fields at search time with Splunk’s interactive field extractor tool Create macros and pass arguments into your search Utilise workflow actions which enable you to launch and interact with external resources Create powerful data models which can be used to run the Pivot tool Add value to your event data using lookups Splunk Fundamentals 2 - Course Objectives Module 1 – Introduction Overview of Buttercup Games Inc. 
Lab environment Module 2 – Beyond Search Fundamentals Search fundamentals review Case sensitivity Using the job inspector to view search performance Module 3 - Using Transforming Commands for Visualisations Explore data structure requirements Explore visualization types Create and format charts and timecharts Module 4 - Using Mapping and Single Value Commands The iplocation command The geostats command The geom command The addtotals command Module 5 - Filtering and Formatting Results The eval command Using the search and where commands to filter results The fillnull command Module 6 – Correlating Events Identify transactions Group events using fields Group events using fields and time Search with transactions Report on transactions Determine when to use transactions vs. stats Module 7 – Introduction to Knowledge Objects Identify naming conventions Review permissions Manage knowledge objects Module 8 – Creating and Managing Fields Perform regex field extractions using the Field Extractor (FX) Perform delimiter field extractions using the FX Module 9 – Creating Field Aliases and Calculated Fields Describe, create, and use field aliases Describe, create and use calculated fields Module 10 – Creating Tags and Event Types Create and use tags Describe event types and their uses Create an event type Module 11 – Creating and Using Macros Describe macros Create and use a basic macro Define arguments and variables for a macro Add and use arguments with a macro Module 12 – Creating and Using Workflow Actions Describe the function of GET, POST, and Search workflow actions Create a GET workflow action Create a POST workflow action Create a Search workflow action Module 13 – Creating Data Models Describe the relationship between data models and pivot Identify data model attributes Create a data model Use a data model in pivot Module 14 – Using the Common Information Model (CIM) Add-On Describe the Splunk CIM List the knowledge objects included with the Splunk CIM Add-On 
Use the CIM Add-On to normalize data Splunk Course Schedules and Timezones Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET). AM Marked Splunk Courses AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West). PM Marked Splunk Courses PM marked courses usually start at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West).

  • Enterprise Security Administrators | INGENIQ

    Splunk Education, Training and Professional Services Provider Splunk Enterprise Administrators Learn to install, configure, manage, and use the Splunk App for Enterprise Security. This path is intended for Splunk Administrators that manage Splunk Enterprise Security deployments. Splunk Enterprise Administrators Track Courses: Splunk Fundamentals 1, Splunk Fundamentals 2, Creating Dashboards with Splunk, Splunk Fundamentals 3, Advanced Dashboards and Visualisations, Splunk Enterprise System Administration, Splunk Enterprise Data Administration, Architecting Splunk Enterprise Deployments, Administering Splunk Enterprise Security.

  • Splunk Education Multi Subject Course Training delivered by INGENIQ

    Ingeniq is the Authorised Splunk Training Provider for Australia and New Zealand and is certified to deliver the complete range of Splunk courses and offers both Instructor led public and dedicated virtual and face-to-face courses. Courses Ingeniq is the Splunk Training Provider and Authorised Learning Partner for Australia and New Zealand and is certified to deliver the complete range of Splunk courses and modules and offers both Instructor led public and dedicated virtual and face-to-face courses. Splunk Education Instructor led multi-subject course training takes 4.5 to 18 hours or less to complete and contributes towards Splunk certifications. Have a question? Our Education Consultants can help - call us or email at sales@ingeniq.com.au and we'll be in touch. Call us on 1300 245 802 Splunk Enterprise System Administration This course is designed for system administrators and provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components. Splunk Enterprise Data Administration This course prepares system administrators to configure and manage Splunk. Topics include installation, configuring data inputs and forwarders, data management, user accounts, licenses, and troubleshooting and monitoring. Architecting Splunk Enterprise Deployments This course focuses on large enterprise deployments. Anyone involved in the design and deployment of Splunk will learn steps and best practices for planning, data collection, sizing and documenting a distributed deployment. Troubleshooting Splunk Enterprise This course is designed for Splunk Administrators. Learn the techniques for troubleshooting a standard Splunk distributed deployment using the tools available on Splunk Enterprise. 
The lab-oriented class helps you gain troubleshooting experience using a live system and simulated case logs. Splunk Enterprise Cluster Administration This course is for advanced Splunk administrators. The Splunk course provides the fundamental knowledge of deploying and managing a Splunk cluster environment. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk clusters. Splunk Cloud Administration This course is designed to prepare administrators to manage users and get data in Splunk Cloud. The focus in this class is about the knowledge, best practices, and configuration details for Splunk Cloud. Implementing Splunk IT Service Intelligence This course focuses on installation, configuring Splunk’s app for ITSI. Topics include architecture, service design and implementation, notable events, developing glass tables and deep dives. Using Splunk IT Service Intelligence This course is designed for analyst users who want to use Splunk IT Service Intelligence to manage, analyze, and optimize their IT services. Using Splunk Enterprise Security This course prepares security analysts and administrators to use the Splunk add-on for Enterprise Security (ES). Students will use ES to identify and track security incidents, analyse security risks, use predictive analytics, and threat discovery. Administering Splunk Enterprise Security This course prepares architects and systems admins to install, configure and manage the Splunk app for ES. It covers ES event processing and normalisation, risk analysis settings, threat intelligence and customisation. Administering SOAR (Phantom) This course prepares IT and security practitioners to install, configure and use a SOAR (Phantom) server in their environment and will prepare developers to attend the playbook development course. 
Developing SOAR Playbooks The Developing SOAR (Phantom) Playbooks course is an introductory course that prepares IT and security practitioners to plan, design, create and debug basic playbooks for Phantom. Splunk Enterprise Practical Lab This 24-hour practical lab exercise is designed to take you through the tasks of a complete mock development. Each participant is given access to a specified number of Linux servers and a set of requirements. Participants then perform a mock deployment according to requirements which adhere to Splunk Deployment Methodology and best-practices.

  • Splunk Enterprise Cluster Administration Training delivered by INGENIQ

    Splunk Enterprise Cluster Administration The Splunk Enterprise Cluster Administration course is for an experienced Splunk Enterprise administrator who is new to Splunk Clusters. The course provides the fundamental knowledge of deploying and managing Splunk Enterprise in a clustered environment. The Splunk Enterprise Cluster Administration course covers installation, configuration, management and monitoring of Splunk clusters. While Splunk Clusters are supported in Windows environments, the class lab environment is running on Linux instances only. Splunk Credit Value: 150 Duration: 13.5 hours over 3 days Time: 9:00 am - 1:30 pm AEST *Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency. This course was very interactive. Logging into Splunk and showing how to do it, giving examples and showing the ins and outs of ES actually makes a huge difference. Well done to the instructor. 
Participant, Using Splunk Enterprise Security Splunk Enterprise Cluster Administration - Course Topics Large-scale Splunk Deployment Overview Single-site (high-availability) Indexer Cluster Multisite (disaster-recovery) Indexer Cluster Indexer Cluster Management and Administration Indexer Discovery Forwarder Configuration Search Head Cluster Search Head Cluster Management and Administration KV Store Collection and Lookup Management Course Prerequisites To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: Intro to Splunk Using Fields Introduction to Knowledge Objects Creating Knowledge Objects Creating Field Extractions Splunk Enterprise System Administration Splunk Enterprise Data Administration Troubleshooting Splunk Enterprise Additional courses and/or knowledge in these areas are also highly recommended: Enriching Data with Lookups Data Models Splunk Enterprise Cluster Administration - Audience Anyone involved in the design, deployment and administration of Splunk within organisations. Previous attendees have included Consultants, IT Administrators, Pre-Sales Engineers and Solution Architects. Class Format Instructor-led lecture with labs. 
Delivered via virtual classroom or at your site Related Certifications Splunk Enterprise Certified Architect After completing the Splunk Enterprise Cluster Administration course you will be able to Configure Splunk for High Availability and Disaster Recovery Set up search head clustering Configure and manage clusters Identify troubles within a clustered environment Add and remove cluster nodes Module 1 – Large-scale Splunk Deployment Overview Factors affecting deployment design Splunk cluster overview License Master Module 2 – Single-site Indexer Cluster Splunk single-site indexer cluster configuration Optional single-site indexer cluster configurations Module 3 – Multisite Indexer Cluster Splunk multi-site indexer cluster overview Multi-site indexer cluster configuration Optional multi-site indexer cluster configurations Cluster migration and upgrade considerations Module 4 – Indexer Cluster Management and Administration Indexer cluster storage utilization options Peer offline and decommission Master app bundles Monitoring Console for indexer cluster environment Module 5 – Forwarder Management Indexer discovery Optional indexer discovery configurations Module 6 – Search Head Cluster Splunk search head cluster overview Search head cluster configuration Module 7 – Search Head Cluster Management and Administration Search head cluster deployer Captaincy transfer Search head member addition and decommissioning Monitoring Console for Search Head Cluster Module 8 – KV Store Collection and Lookup Management KV Store collection in Splunk clusters KV Store monitoring with Monitoring Console Splunk Enterprise Cluster Administration - Course Objectives Splunk Course Schedules and Timezones Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET). 
AM Marked Splunk Courses AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West). PM Marked Splunk Courses PM marked courses usually start at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West). Splunk Enterprise Cluster Administration - Upcoming Courses Splunk Enterprise Cluster Administration: Starts June 15 to 17, 2026 Price USD 1,500.00

  • Contact Us | INGENIQ Splunk Training and Education Services

    Contact INGENIQ for Splunk Training and Education Services Contact Us Have a Question? Our Education Consultants can help - call us, email or complete the form below and we'll be in touch. Ingeniq, a Bluechip company 97 Derby Street Silverwater NSW 2128 1300 245 802 Int: +612 8705 1505 +612 8705 1555 Email: sales@ingeniq.com.au

  • Kubernetes Monitoring with Splunk | INGENIQ

    Splunk Education, Training and Professional Services Provider Kubernetes Monitoring with Splunk Observability Cloud Summary This virtual course targeted to SREs and DevOps enables you to monitor and troubleshoot your Kubernetes clusters with Splunk Observability Cloud. Through discussions and hands-on activities, learn to explore and use the Kubernetes Navigator, built-in dashboards, and AutoDetect to monitor the health of your cluster. Create custom dashboards and detectors to monitor and troubleshoot common Kubernetes trouble conditions. This course assumes basic knowledge of Kubernetes and familiarity with navigating Splunk IM. This lab-oriented class is designed to help you learn best practices and tips to use Splunk Observability Cloud to monitor and troubleshoot Kubernetes clusters. All hands-on labs are performed in the Observability Cloud UI. Description Describe common scenarios for monitoring Kubernetes Use Splunk Observability Cloud's built-in tools to monitor Kubernetes Create custom dashboards and detectors to monitor Kubernetes Troubleshoot common Kubernetes issues Enjoyable presenter and easy to understand for an intermediate Splunk user pursuing Admin certification. Thanks from Massachusetts! 
Participant, Splunk Fundamentals 2 Splunk Credit Value: 50 Duration: 3 hours Time: 9am – 12pm AET Objectives Topic 1: Exploring Kubernetes Clusters with Splunk Observability Cloud Describe common scenarios for monitoring Kubernetes Describe how to send Kubernetes data Use the Kubernetes Navigator to view cluster data Use Kubernetes Dashboard to view cluster data Topic 2: Monitoring Kubernetes with Built-in Content Use the Kubernetes Navigator to investigate problems with nodes, pods, and containers Use the Cluster Analyzer to pinpoint the root of some problems Use built-in Kubernetes Dashboards to investigate and troubleshoot Use AutoDetect to investigate and troubleshoot Topic 3: Monitor Kubernetes with Custom Dashboards and Detectors Use the Metrics Finder to research Kubernetes metrics Create custom charts, dashboards, and dashboard groups to monitor Kubernetes Create custom detectors to monitor Kubernetes metrics Customize alert messages Prerequisites Required: Splunk Infrastructure Monitoring Fundamentals (ILT) Introduction to Splunk IM (eLearning) Basic knowledge of Kubernetes Strongly recommended Experience managing a Kubernetes cluster and using it in a production environment Splunk Course Schedules and Timezones Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET). 
AM Marked Splunk Courses AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West). PM Marked Splunk Courses PM marked courses start at AEDT 12:00pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West).

  • Comparing Values - Splunk Education Single Subject Course Training

    Comparing Values The Splunk Education single-subject course module, Comparing Values, is for power users who want to learn how to compare field values using eval functions and eval expressions. Topics will focus on using the comparison and conditional functions of the eval command, and using eval expressions with the fieldformat and where commands. Splunk Credit Value: 50 Duration: 3 hours Time: 9:00 am - 12:00 pm AEST Please use the currency convertor above to check for course pricing in your local currency. Comparing Values - Course Topics Using eval to Compare Filtering with where Using Fields in Searches Comparing Temporary versus Persistent Fields Enriching Data Class Format Instructor-led lecture with labs. Delivered via virtual classroom or at your site Course Prerequisites To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: Intro to Splunk Using Fields Visualizations Working with Time Statistical Processing Comparing Values - Audience People who would like to complete the Search Expert learning path or for Splunk Power Users. 
Comparing Values - Course Objectives Topic 1 – Using eval to Compare Understand the eval command Explain evaluation functions Identify and use comparison and conditional functions Use the fieldformat command to format field values Topic 2 – Filtering with where Use the where command to filter results Use wildcards with the where command Filter fields with the information functions, isnull and isnotnull Topic 3 - Using Fields in Searches Use fields correctly in basic searches Use fields with operators Use the rename command Use the fields command to improve search performance Topic 4 – Comparing Temporary versus Persistent Fields Differentiate between temporary and persistent fields Create temporary fields with the eval command Extract temporary fields with the erex and rex commands Topic 5 – Enriching Data Understand how fields from lookups, calculated fields, field aliases, and field extractions enrich data Splunk Course Schedules and Timezones Splunk courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET). AM Marked Splunk Courses AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West). PM Marked Splunk Courses PM marked courses usually start at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West).

  • Splunk Enterprise Security Administrator | Splunk Training Pack delivered by INGENIQ

    Splunk Enterprise Security Administrator Splunk Training Pack#5 Splunk Enterprise Security Admin Learn more, for less. Ingeniq Splunk Training Packs are collections of courses that when purchased together qualify for discounts of up to 25%. Splunk Training Packs apply to all Training Tracks and Certifications – in fact to any combination of courses purchased together from Ingeniq. Buy Splunk Training Pack#5 and you’ll sit all the courses you need to be certified as a Splunk Enterprise Security Admin. A Splunk Certified Enterprise Security Admin manages a Splunk Enterprise Security environment, including ES event processing and normalisation, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence, protocol intelligence configuration and customisations. Call our Training Consultants now on 1300 245 802 or email sales@ingeniq.com.au to have this training pack tailored to you or your team's requirements. Splunk Training Pack Courses Splunk Enterprise System Administration This virtual 9 hour course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The course provides fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management and monitoring core Splunk Enterprise components. Splunk Enterprise Data Administration This virtual 13.5 hour course is designed for system administrators who are responsible for getting data into Splunk Indexers. Administering Splunk Enterprise Security This 13.5 hour course prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security. It covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations. 
Cert Exam - Splunk Enterprise Security Admin [USD 125] There are three ways to purchase a PearsonVUE registration voucher: Directly from PearsonVUE; From Splunk (as an individual); From Splunk (as an account). Full instructions below. Addon & Save!! Splunk Fundamentals 2 This course focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalising data with the Common Information Model (CIM). Splunk Fundamentals 3 This course runs over 4 days and focuses on additional search commands as well as advanced use of knowledge objects. Major topics include advanced statistics and eval commands, advanced lookup topics, advanced alert actions, using regex and erex to extract fields, using spath to work with self-referencing data, creating nested macros and macros with event types, accelerating reports and data models. Architecting Splunk Enterprise Deployments This 9 hour Splunk course focuses on large enterprise deployments. Students will learn steps and best practices for planning, data collection and sizing for a distributed deployment. Workshop-style labs challenge students to make design decisions about an example enterprise deployment. Advanced Searching and Reporting This 13.5 hour Splunk course focuses on more advanced search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports, and charts. Students are coached step by step through complex searches to produce final results. Splunk Certifications Exam When you’re ready to take a Splunk Certification exam, please view the Exam-Registration-Tutorial for registration assistance. As a reminder, each exam attempt costs US$125. 
Bulk registration vouchers can be purchased at a discounted price of five registrations for US$500. How to register for your exam: There are three ways to purchase a PearsonVUE registration voucher. 1) Directly from PearsonVUE: This is the most streamlined approach. Follow the steps for account creation and exam registration provided at www.pearsonvue.com/splunk. Payment will be collected at the time of registration. You can also visit the Pearson VUE voucher store for direct purchase. 2) From Splunk (as an individual): Log into your existing account at Splunk.com/Education to purchase a registration code. Payment can be made via credit card or existing Splunk Education credits. Splunk will email you a unique registration code, which can be used for registration at www.pearsonvue.com/splunk. 3) From Splunk (as an account): Your Splunk Sales Rep can add certification exams to any deal. Once the number of vouchers has been requested, Splunk will email your unique registration codes, which can be used for registration at www.pearsonvue.com/splunk. All scheduled exams are subject to a minimum 24-hour cancellation and/or rescheduling policy. Failure to cancel or reschedule an exam within this timeframe results in forfeiture of the registration fee. One of the best trainers I've had - keeps content relevant & explains the tasks in easily understood language. Extremely knowledgeable in all fields relating to the content. Well paced & accommodated to everyone's questions & progress. Participant, Splunk Enterprise Data Administration

  • Configuring Tracing and Profiling | INGENIQ

    Splunk Education, Training and Professional Services Provider Configuring Tracing and Profiling for Splunk APM Summary: This single subject course targeted at DevOps enables you to learn configuration techniques to send traces to Splunk APM. Through in-person discussions and hands-on activities, learn to deploy the Splunk OpenTelemetry Collector on a Linux host. Use the OpenTelemetry Collector to configure processor components to modify trace metadata. Use auto-instrumentation to send in traces without altering your code. Enable AlwaysOn profiling to monitor code performance. This course assumes familiarity with navigating Splunk APM, which is covered in the course Using Splunk Application Performance Monitoring. This lab-oriented class is designed to help you learn the fundamentals of configuring your code to send in traces and trace metadata. All hands-on labs are in Python and Java. Description: Deploy the Splunk OTel Collector; Configure the Splunk OTel Collector processor components; Use Auto-Instrumentation to Send Traces; Add metadata to your traces; Enable AlwaysOn Profiling. Enjoyable presenter and easy to understand for an intermediate Splunk user pursuing Admin certification. Thanks from Massachusetts! 
Participant, Splunk Fundamentals 2. Splunk Credit Value: 50. Duration: 3 hours. Time: 11am - 2 pm AEST. Objectives: Topic 1 – Deploy and Configure the OTel Collector: Deploy the Splunk OTel Collector; Configure the OTel Collector. Topic 2 – Auto-Instrument Applications To Send Traces: Describe instrumentation options; Use auto-instrumentation to send in traces. Topic 3 – Configure the OTel Collector to Modify Trace Attributes: Describe the OTel Collector architecture; Configure processor components to modify trace metadata. Topic 4 – Enable Splunk AlwaysOn Profiling: Enable AlwaysOn Profiling in applications. Prerequisites: Required: Using Splunk Application Performance Monitoring; Familiarity with using the command line terminal. Strongly recommended: Basic knowledge of programming languages (e.g. Python, Java). Splunk Course Schedules and Timezones: Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET). AM Marked Splunk Courses: AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West). PM Marked Splunk Courses: PM marked courses start at AEDT 12:00pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West).

  • Leveraging Lookups and Subsearches - Splunk Education Single Subject Course Training

    Leveraging Lookups and Subsearches - Splunk Education Single Subject Course Training. Leveraging Lookups and Subsearches: The Splunk Education single-subject course module, Leveraging Lookups and Subsearches, is designed for power users who want to learn how to use lookups and subsearches to enrich their results. Topics will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources. Splunk Credit Value: 50. Duration: 3 hours. Time: 9:00 am - 12:00 pm AEST. Please use the currency convertor above to check for course pricing in your local currency. The instructor was very responsive to questions and queries both private and communal. Final module collaborative lab walkthrough on screen was particularly helpful. Participant, Splunk Fundamentals 2. Leveraging Lookups and Subsearches - Course Topics: Using Lookup Commands; Adding a Subsearch; Using the return Command. Class Format: Instructor-led lecture with labs. 
Delivered via virtual classroom or at your site. Course Prerequisites: To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: Intro to Splunk; Using Fields; Visualizations; Working with Time; Statistical Processing; Comparing Values; Result Modification; Scheduling Reports and Alerts; Introduction to Dashboards. Leveraging Lookups and Subsearches - Audience: Search Expert learning path. Leveraging Lookups and Subsearches - Course Objectives: Topic 1 – Using Lookup Commands: Understand lookups; Use the inputlookup command to search lookup files; Use the lookup command to invoke field value lookups; Invoke geospatial lookups in search. Topic 2 – Adding a Subsearch: Define subsearch; Use subsearch to filter results; Identify when to use subsearch; Understand subsearch limitations and alternatives. Topic 3 – Using the return Command: Use the return command to pass values from a subsearch; Compare the return and fields commands. Splunk Course Schedules and Timezones: Splunk courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET). AM Marked Splunk Courses: AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West). PM Marked Splunk Courses: PM marked courses usually start at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West). Leveraging Lookups and Subsearches - Upcoming Schedule: We don’t have any products to show here right now.

  • Splunk Enterprise System Administration Training delivered by INGENIQ

    Splunk Enterprise System Administration Training delivered by INGENIQ Splunk Enterprise System Administration: The Splunk Enterprise System Administration (Version 9) course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The Splunk Enterprise System Administration course provides fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management and monitoring of core Splunk Enterprise components. Splunk Credit Value: 150. Duration: 12 hours over 2 days. Time: 9:00 - 4:00 pm AET. *Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency. Splunk Enterprise System Administration - Course Topics: Splunk Deployment Overview; License Management; Splunk Apps; Splunk Configuration Files; Index Management; Users, Roles and Authentication; Basic Forwarding; Distributed Search. Course Prerequisites: To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: Intro to Splunk; Using Fields; Intro to Knowledge Objects; Creating Knowledge Objects; Creating Field Extractions; Enriching Data with Lookups; Data Models. Related Certifications: Splunk Enterprise Certified Admin; Splunk Enterprise Certified Architect; Splunk Certified Enterprise Security Admin; Splunk IT Service Intelligence Certified Admin. Splunk Enterprise System Administration - Audience: Anyone within a technical role who is involved in the management of Splunk within their organisation or is looking to become Splunk certified. Previous attendees have included IT Administrators, DevOps, Security Analysts and Solution Architects. 
Class Format: Instructor-led lecture with labs. Delivered via virtual classroom or at your site. After completing the Splunk Enterprise System Administration course you will be able to: Build and manage a production Splunk environment; Administer licences; Install and configure forwarders; Understand the basics of getting data into Splunk; Maintain and optimise indexes; Create and manage users & roles; Understand Splunk scaling using distributed search and management. Splunk Enterprise System Administration - Course Objectives: Module 1 – Deploying Splunk: Provide an overview of Splunk; Identify Splunk Enterprise components; Identify the types of Splunk deployments; List the steps to install Splunk; Use Splunk CLI commands. Module 2 – Monitoring Splunk: Use Splunk Health Report; Enable the Monitoring Console (MC); Use Splunk Assist; Use Splunk Diag. Module 3 – Licensing Splunk: Identify Splunk license types; Describe license violations; Add and remove licenses. Module 4 – Using Configuration Files: Describe Splunk configuration directory structure; Understand configuration layering process; Use btool to examine configuration settings. Module 5 – Using Apps: Describe Splunk apps and add-ons; Install an app on a Splunk instance; Manage app accessibility and permissions. Module 6 – Creating Indexes: Apply a data retention policy; Backup data on indexers; Delete data from an index; Restore frozen data. Module 7 – Managing Index: Review Splunk Index Management basics; Identify data retention recommendations; Identify backup recommendations; Move and delete index data; Describe the use of the Fishbucket; Restore a frozen bucket. Module 8 – Managing Users: Add Splunk users using native authentication; Describe user roles in Splunk; Create a custom role; Manage users in Splunk. Module 9 – Configuring Basic Forwarding: Identify forwarder configuration steps; Configure a Universal Forwarder; Understand the Deployment Server. Module 10 – Configuring Distributed Search: Describe how distributed search works; Describe the roles of the 
search head and search peers. Splunk Course Schedules and Timezones: Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET). AM Marked Splunk Courses: AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West). PM Marked Splunk Courses: PM marked courses usually start at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West). Splunk Enterprise System Administration - Upcoming Courses: Splunk Enterprise System Administration V9: Starts June 15 and 16, 2026, Price USD 1,500.00; Splunk Enterprise System Administration V9: Starts May 11 and 12, 2026, Course Closed; Splunk Enterprise System Administration V9: Starts April 13 and 14, 2026, Course Closed; Splunk Enterprise System Administration V9: Starts March 9 and 10, 2026, Course Closed.
