
Search Results

102 results found

  • Troubleshooting Splunk Enterprise Training delivered by INGENIQ

    The Troubleshooting Splunk Enterprise course is designed for Splunk administrators. It covers topics and techniques for troubleshooting a standard Splunk distributed deployment using the tools available on Splunk Enterprise. The Troubleshooting Splunk Enterprise course is a lab-oriented class designed to help you gain troubleshooting experience before attending more advanced courses. You will debug a distributed Splunk Enterprise environment using the live system and simulated case logs. This course does not cover the issues surrounding Splunk Cloud, Splunk Clusters, or Splunk premium apps. Splunk Credit Value: 100 Duration: 9 hours over 2 days Time: 9:00 am - 1:30 pm AEST *Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency. This course was very interactive. Logging into Splunk and showing how to do it, giving examples and showing the ins and outs of ES actually makes a huge difference. Well done to the instructor.
Participant, Using Splunk Enterprise Security Troubleshooting Splunk Enterprise - Course Topics Splunk Support Model Splunk Troubleshooting Methods and Tools Clarifying the Problem Installation, Licensing, and Crash Problems UI and Search Problems Configuration Problems Deployment Problems User Management Problems Course Prerequisites To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: Intro to Splunk Using Fields Introduction to Knowledge Objects Creating Knowledge Objects Creating Field Extractions Splunk Enterprise System Administration Splunk Enterprise Data Administration Troubleshooting Splunk Enterprise Additional courses and/or knowledge in these areas are also highly recommended: Enriching Data with Lookups Data Models Splunk Enterprise Cluster Administration Troubleshooting Splunk Enterprise - Audience Anyone within a technical role who is involved in the Administration of Splunk within their organisation or are looking to become Architect II certified. Previous Attendees have included IT Administrators, DevOps, Security Analysts and Solution Architects Class Format Instructor-led lecture with labs. 
Delivered via virtual classroom or at your site Related Certifications Splunk Enterprise Certified Architect After completing Troubleshooting Splunk Enterprise course you will be able to Understand the Splunk Support Model and its resources Identify the best practices for troubleshooting Splunk Enterprise List ways to gather useful Splunk diagnostic information Use Splunk diagnostic tools Identify common Splunk technical issues and solutions Module 1 – Splunk Support Model Splunk support resources Module 2 – Splunk Troubleshooting Methods and Tools Splunk troubleshooting methodology Splunk diagnostic tools Module 3 – Clarifying the problem Splunk Topology Index-time pipeline Search-time pipeline Module 4 – Installation, Licensing and Crash problems Installation issues License issues Crash issues Module 5 – Configuration problems Input issues Configuration Precedence Module 6 – UI and Search problems Search issues Dashboard issues Module 7 – Deployment problems Forwarding issues Distributed search issues Deployment server issues Module 8 – User Management problems Splunk users and role capabilities Directory integration issues Splunk Course Schedules and Timezones Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET).
AM Marked Splunk Courses AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast) UTC+11/+12 including New Zealand and the Pacific Islands UTC-8 including USA (West Coast), Canada (West Coast) UTC-7 including USA (Mid West) PM Marked Splunk Courses PM marked courses usually start at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast) UTC+11/+12 including New Zealand and the Pacific Islands UTC-8 including USA (West Coast), Canada (West Coast) UTC-7 including USA (Mid West) Troubleshooting Splunk Enterprise - Upcoming Courses Troubleshooting Splunk Enterprise : Starts June 18 and 19, 2026 Price USD 1,000.00 Troubleshooting Splunk Enterprise : Starts May 7 and 8, 2026 Course Closed Troubleshooting Splunk Enterprise : Starts March 19 and 20, 2026 Course Closed

  • Advanced Dashboards and Visualizations | INGENIQ

    Splunk Education, Training and Professional Services Provider Advanced Dashboards and Visualizations with Splunk 8.1 Summary This one-day course is designed for advanced users who want to create SplunkJS dashboards and Splunk Custom Visualizations. It focuses on creating dashboards, adding inputs, using event handlers and creating Splunk Custom Visualizations using JavaScript and XML. Description SplunkJS Dashboards Tokens Using Event Handlers Custom Visualizations Enjoyable presenter and easy to understand for an intermediate Splunk user pursuing Admin certification. Thanks from Massachusetts! Participant, Splunk Fundamentals 2 Splunk Credit Value: 50 Duration: 4.5 hours Time: 11am – 3.30 pm AEST Objectives Module 1 – SplunkJS Dashboards Identify view types Create a SplunkJS dashboard Define view properties, methods and events List types of search managers Module 2 – Using Tokens Use tokens in SplunkJS Define Splunk’s token models Describe how to get, set, and change tokens Create a SplunkJS form Module 3 – Using Event Handlers Identify types of event handlers Define event handler syntax Define drilldown properties Create an event handler Module 4 – Creating Custom Visualizations Define the custom visualization primary files Add custom visualizations to views Create a custom visualization Define security best practices Prerequisites To be successful, students should have a solid understanding of the following courses: Splunk Fundamentals 1 Splunk Fundamentals 2 OR the following single-subject courses: What Is Splunk?
Intro to Splunk Using Fields Visualizations Data Models Introduction to Dashboards Dynamic Dashboards Students should also have the following skills: Using a terminal editor (vi, nano, etc.) Editing JavaScript, XML, CSS and HTML Splunk Course Schedules and Timezones Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET). AM Marked Splunk Courses AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast) UTC+11/+12 including New Zealand and the Pacific Islands UTC-8 including USA (West Coast), Canada (West Coast) UTC-7 including USA (Mid West) PM Marked Splunk Courses PM marked courses start at AEDT 12:00pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast) UTC+11/+12 including New Zealand and the Pacific Islands UTC-8 including USA (West Coast), Canada (West Coast) UTC-7 including USA (Mid West)

  • Advanced Power User | Splunk Training Pack delivered by INGENIQ

    Splunk Training Pack#1 Splunk Advanced Power User Learn more, for less. Ingeniq Splunk Training Packs are collections of courses that, when purchased together, qualify for discounts of up to 25%. Splunk Training Packs apply to all Training Tracks and Certifications – in fact to any combination of courses purchased together from Ingeniq. Buy Splunk Training Pack#1 and you’ll sit all the courses you need to be certified as a Splunk Advanced Power User. Splunk Core Certified Advanced Power Users have greater depths of knowledge and skills in complex searching and reporting commands, advanced use cases of knowledge objects, and best practices for building dashboards and forms. Add on any combination of courses to your Splunk training pack purchase and they’ll qualify for discounts too. Call our Training Consultants now on 1300 245 802 or email sales@ingeniq.com.au to have this training pack tailored to you or your team's requirements. Splunk Training Pack Courses Splunk Fundamentals 3 This course runs over 4 days and focuses on additional search commands as well as advanced use of knowledge objects. Major topics include advanced statistics and eval commands, advanced lookup topics, advanced alert actions, using regex and erex to extract fields, using spath to work with self-referencing data, creating nested macros and macros with event types, accelerating reports and data models. Advanced Searching and Reporting This 13.5 hour Splunk course focuses on more advanced search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports, and charts. Students are coached step by step through complex searches to produce final results.
Cert Exam - Splunk Advanced Power User [USD125] There are three ways to purchase a PearsonVUE registration voucher: Directly from PearsonVUE From Splunk (as an individual) From Splunk (as an account) Full instructions below. Addon & Save!! Splunk Fundamentals 2 This course focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Interface Model (CIM). Splunk Certifications Exam When you’re ready to take a Splunk Certification exam, please view the Exam-Registration-Tutorial for registration assistance. As a reminder, each exam attempt costs US$125. Bulk registration vouchers can be purchased at a discounted price of five registrations for US$500. How to register for your exam There are three ways to purchase a PearsonVUE registration voucher: 1) Directly from PearsonVUE This is the most streamlined approach. Follow the steps for account creation and exam registration provided at www.pearsonvue.com/splunk Payment will be collected at the time of registration. You can also visit the Pearson VUE voucher store for direct purchase. 2) From Splunk (as an individual) Log into your existing account at Splunk.com/Education to purchase a registration code. Payment can be made via credit card or existing Splunk Education credits. Splunk will email you a unique registration code, which can be used for registration at www.pearsonvue.com/splunk . 3) From Splunk (as an account) Your Splunk Sales Rep can add certification exams to any deal. 
Once the number of vouchers has been requested, Splunk will email your unique registration codes, which can be used for registration at www.pearsonvue.com/splunk All scheduled exams are subject to a minimum 24-hour cancellation and/or rescheduling policy. Failure to cancel or reschedule an exam within this timeframe results in forfeiture of registration fee. One of the best trainers I've had - keeps content relevant & explains the tasks in easily understood language. Extremely knowledgeable in all fields relating to the content. Well paced & accommodated to everyone's questions & progress. Participant, Splunk Enterprise Data Administration

  • Splunk Enterprise Data Administration Training delivered by INGENIQ

    The Splunk Enterprise Data Administration course (Version 9) is designed for system administrators who are responsible for getting data into Splunk Indexers. The Splunk Enterprise Data Administration course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, troubleshooting of Splunk forwarders and Splunk Deployment Server components. Splunk Credit Value: 225 Duration: 18 hours over 3 days Time: 9:00 am - 4:00 pm AEST *Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency. The instructor was very patient and worked with everyone who had issues and sorted them out. Thanks for that.
Participant, Troubleshooting Splunk Splunk Enterprise Data Administration - Course Topics Understand sourcetypes Manage and deploy forwarders Configure data inputs File monitors Network inputs (TCP/UDP) Scripted inputs HTTP inputs (via the HTTP Event Collector) Customize the input phase parsing process Define transformations to modify data before indexing Define search time knowledge object configurations Course Prerequisites To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: Intro to Splunk Using Fields Introduction to Knowledge Objects Creating Knowledge Objects Creating Field Extractions Enriching Data with Lookups Data Models Splunk Enterprise System Administration Splunk Enterprise Data Administration - Audience Anyone within a technical role who is involved in the management of Splunk within their organisation or is looking to become Splunk certified. Previous attendees have included IT Administrators, DevOps, Security Analysts and Solution Architects. Class Format Instructor-led lecture with labs.
Delivered via virtual classroom or at your site Related Certifications Splunk Enterprise Certified Admin Splunk Enterprise Certified Architect Splunk Certified Enterprise Security Admin Splunk IT Service Intelligence Certified Admin After completing Splunk Enterprise Data Administration course you will be able to Install and Configure forwarders Get data into a production environment Maintain and manage forwarders Correctly create and maintain inputs: Files Directories Network Scripted Agentless Understand and work with the data input phases Inputs Parsing Indexing Splunk Enterprise Data Administration - Course Objectives Module 1 - Getting Data Into Splunk Provide an overview of Splunk Describe the Splunk distributed model Describe data input types and metadata settings Configure initial input testing with Splunk Web Testing indexes with Input Staging Module 2 - Configuration Files and Apps Identify Splunk configuration files and directories Describe index-time and search-time precedence Validate and update configuration files Explore Splunk apps and app installation Module 3 - Configuring Forwarders Configure Universal Forwarders Configure Heavy Forwarders Module 4 - Customizing Forwarders Configure intermediate forwarders Identify additional forwarder options Module 5 - Managing Forwarders Describe Splunk Deployment Server (DS) Manage forwarders using deployment apps Configure deployment clients and client groups Monitor forwarder management activities Module 6 - Monitor Inputs Create file and directory monitor inputs Use optional settings for monitor inputs Deploy a remote monitor input Module 7 - Network Inputs Create network (TCP and UDP) inputs Describe optional settings for network inputs Module 8 - Scripted Inputs Create a basic scripted input Module 9 - Agentless Inputs Configure Splunk HTTP Event Collector (HEC) agentless input Describe Splunk App for Stream Module 10 - Operating System Inputs Identify Linux-specific inputs Identify Windows-specific 
inputs Module 11 - Fine-tuning Inputs Understand the default processing that occurs during input phase Configure input phase options, such as source type fine-tuning and character set encoding Module 12 - Parsing Phase and Data Preview Understand the default processing that occurs during parsing Optimize and configure event line breaking Explain how timestamps and time zones are extracted or assigned to events Use Data Preview to validate event creation during parsing phase Module 13 - Manipulating Input Data Explore Splunk transformation methods Create rulesets with Ingest Actions Mask data with Ingest Actions rules Mask data with SEDCMD and TRANSFORMS Module 14 - Routing Input Data Filter data with Ingest Action rules Route data with Ingest Action rules Route data with Transforms Override sourcetype or host based upon event values Module 15 - Supporting Knowledge Objects Define default and custom search time field extractions Identify the pros and cons of indexed time field extractions Configure indexed field extractions Describe default search time extractions Manage orphaned knowledge objects Splunk Course Schedules and Timezones Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET).
AM Marked Splunk Courses AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast) UTC+11/+12 including New Zealand and the Pacific Islands UTC-8 including USA (West Coast), Canada (West Coast) UTC-7 including USA (Mid West) PM Marked Splunk Courses PM marked courses usually start at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast) UTC+11/+12 including New Zealand and the Pacific Islands UTC-8 including USA (West Coast), Canada (West Coast) UTC-7 including USA (Mid West) Splunk Enterprise Data Administration - Upcoming Courses Splunk Enterprise Data Administration V9: Starts June 17 to 19, 2026 Price USD 2,250.00 Splunk Enterprise Data Administration V9: Starts May 13 to 15, 2026 Course Closed Splunk Enterprise Data Administration V9: Starts April 15 to 17, 2026 Course Closed Splunk Enterprise Data Administration V9: Starts March 11 to 13, 2026 Course Closed

  • Splunk Education Multi Subject Legacy Course Information delivered by INGENIQ

    Ingeniq is the Authorised Splunk Training Provider for Australia and New Zealand and is certified to deliver the complete range of Splunk courses and offer both Instructor led public and dedicated virtual and face-to-face courses. Splunk Legacy Courses A number of Splunk Courses have been replaced by shorter Splunk single-subject course modules; these pages have been retained to assist customers. To see which courses have been replaced and book the equivalent course click here Single-subject to Multi-subject course mapping. Have a question? Our Education Consultants can help - call us or email at sales@ingeniq.com.au and we'll be in touch. Call us on 1300 245 802 Splunk Fundamentals 1 This self-paced e-learning or Instructor-led version teaches you how to search and navigate in Splunk, use fields, get statistics from your data, create reports, dashboards, lookups, and alerts. It will also introduce you to Splunk’s datasets features and Pivot interface. Splunk Fundamentals 2 This course focuses on searching and reporting commands and creation of knowledge objects. Major topics include using transforming commands and visualisations, filtering and formatting results, creating workflow actions and data models, and normalizing data with the CIM. Splunk Fundamentals 3 This course focuses on searching and reporting commands and creation of knowledge objects. Major topics include using transforming commands and visualisations, filtering and formatting results, creating workflow actions and data models, and normalizing data with the CIM. Creating Dashboards with Splunk This course is designed for power users who want to create fast and efficient views that include customized charts, drilldowns, advanced behaviors and visualizations.
Major topics include using tokens, global searches, event handlers, dynamic drilldowns and simple XML extensions for JavaScript and CSS. Advanced Searching and Reporting This course focuses on more advanced search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports and charts. One of the best trainers I've had - keeps content relevant & explains the tasks in easily understood language. Extremely knowledgeable in all fields relating to the content. Well paced & accommodated to everyone's questions & progress. Participant, Splunk Enterprise Data Administration

  • Implementing Splunk IT Service Intelligence Training delivered by INGENIQ

    The Implementing Splunk IT Service Intelligence course prepares consultants to install and configure Splunk’s app for IT Service Intelligence (ITSI). Students will learn to use ITSI to monitor mission-critical services. Topics include ITSI architecture, deployment planning, installation, service design and implementation, configuring entities, notable events, and developing glass tables and deep dives. Splunk Credit Value: 200 Duration: 18 hours over 4 days Time: 9:00 am - 1:30 pm AEST *Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency. Great attitude to the students, encourages questions. Always attempts his best to answer them. There is a lot of material but he strives through it. Willingness to go beyond to do his job, well done.
Participant, Cluster Administration Implementing Splunk IT Service Intelligence - Course Topics ITSI architecture and deployment Installing ITSI Designing Services – Discovery and best practices Implementing services and entities Configuring correlation searches and multi KPI alerts Managing aggregation policies and anomaly detection Troubleshooting and maintenance Course Prerequisites To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: Either ONE of these completed Certification Paths Splunk Enterprise System Administration Splunk Enterprise Data Administration Splunk Cloud Administration Or all of these Courses Intro to Splunk Using Fields Visualizations Introduction to Knowledge Objects Creating Knowledge Objects Creating Field Extractions Implementing Splunk IT Service Intelligence - Audience Anyone whose role requires them to create complex search queries, advanced data models and reports with Splunk who have limited exposure to regular expressions. Previous attendees have included Consultants, IT Administrators and Business Intelligence/Business Analysts. Class Format Instructor-led lecture with labs. Delivered via virtual classroom or at your site Related Certifications Splunk IT Service Intelligence Certified Admin After completing Implementing Splunk IT Service Intelligence course you will be able to Identify and design ITSI Services and KPI’s Understand customer requirements, and translate into an ITSI implementation Design and Implement Glass Tables Create and Manage Notable Events Configure Adaptive Thresholds and Anomaly Detection Customize Deep Dive views Work with Entities and Dependencies.
Implementing Splunk IT Service Intelligence - Course Objectives Module 1 - Introducing ITSI Identify ITSI features Describe reasons for using ITSI Examine the ITSI user interface Module 2 - Glass Tables Describe glass tables Use glass tables Design glass tables Configure glass tables Module 3 - Managing Notable Events Define key notable events terms and their relationships Describe examples of multi – KPI Alerts Describe the notable events workflow Work with notable events Module 4 - Investigating Issues with Deep Dives Describe deep dive concepts and their relationships Use default deep dives Create and customize new custom deep dives Add and configure swim lanes Custom views Describe effective workflows for troubleshooting Module 5 - Installing and Configuring ITSI List ITSI hardware recommendations Describe ITSI deployment options Identify ITSI components Describe the installation procedure Identify data input options for ITSI Add custom data to an ITSI deployment Module 6 - Designing Services Given customer requirements, plan an ITSI Implementation Identify site entities Module 7 - Data Audit and Base Searches Use a data audit to identify service key performance indicators Design base searches Module 8 – Implementing Services Use a service design to implement services in ITSI Module 9 – Thresholds and Time Policies Create KPI’s with static and adaptive thresholds Use Time policies to define flexible thresholds Module 10 – Entities and Dependencies Using entities in KPI Searches Defining dependencies Module 11 – Correlation and Multi KPI Searches Define new correlation searches Define Multi KPI Alerts Manage notable event storage Module 12 – Aggregation Policies Create new aggregation policies Use smart mode Module 13 – Anomaly Detection Enable anomaly detection Work with generated anomaly events Module 14 – Access Control Configure user access control Create services level teams Module 15 - Troubleshooting ITSI Backup and restore Maintenance mode Splunk Course 
Schedules and Timezones Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET). AM Marked Splunk Courses AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast) UTC+11/+12 including New Zealand and the Pacific Islands UTC-8 including USA (West Coast), Canada (West Coast) UTC-7 including USA (Mid West) PM Marked Splunk Courses PM marked courses usually start at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast) UTC+11/+12 including New Zealand and the Pacific Islands UTC-8 including USA (West Coast), Canada (West Coast) UTC-7 including USA (Mid West) Implementing Splunk IT Service Intelligence - Upcoming Courses Implementing Splunk IT Service Intelligence: Starts May 26 to 29, 2026 Price USD 2,000.00 Implementing Splunk IT Service Intelligence: Starts April 7 to 10, 2026 Course Closed

  • Developing with Splunk's REST API 8.2 | INGENIQ

    Developing with Splunk's REST API 8.2 Summary This nine-hour course teaches you how to use the Splunk REST API to accomplish tasks interacting with Splunk servers. In this course, you will use curl and Python to send requests to Splunk REST endpoints and will learn how to parse and use the results. The course will show you how to create a variety of objects in Splunk, how to change properties, work with and apply security to Splunk objects, run different types of searches and parse their results, ingest data using the HTTP Event Collector and manipulate collections and KV Stores. Description Introduction to the Splunk REST API Namespaces and Object Management Parsing Output Oneshot Searching Normal and Export Searching Advanced Searching and Job Management Working with KV Stores Using the HTTP Event Collector Enjoyable presenter and easy to understand for an intermediate Splunk user pursuing Admin certification. Thanks from Massachusetts! Participant, Splunk Fundamentals 2
Splunk Credit Value: 100 Duration: 2 days Time: 11am – 3.30 pm AEST Objectives Module 1 – Introduction to the Splunk REST API Use the proper case in searches Introduce the Splunk development environment and its REST endpoints Know to which Splunk server you should be connected to accomplish a desired task Authenticate with a Splunk server, with and without a session Module 2 – Namespaces and Object Management Understand general CRUD with the REST API Understand how a namespace affects access to objects Use the servicesNS node and a namespace to access objects Understand how the sharing level and access control lists affect access to objects Modify the sharing level and the permissions on an object Using the rest command Module 3 – Parsing Output Understand the general structure of Atom-based output Format Atom-based JSON output Write code that uses the API and parse responses Module 4 – Oneshot Searches Review search language syntax and search best practices Execute a oneshot search Execute an export search Get search results Module 5 – Normal and Export Searching Identify types of searches Create normal and export searches Get: Search results Search job status and other search job properties Module 6 – Advanced Searching and Job Management Executing a real time search Working with large results sets Working with saved searches Managing search jobs Module 7 – Working with the KV Store Define the function of a KV Store Perform CRUD operations on collections and records Define collections and records Module 8 – Using the HTTP Event Collector (HEC) Create and use HEC tokens Input data using HEC endpoints Get indexer event acknowledgements Prerequisites To be successful, students should have a solid understanding of the following courses: Splunk Fundamentals 1 Splunk Fundamentals 2 OR the following single-subject courses: What Is Splunk?
Intro to Splunk Using Fields Working with Time Statistical Processing Search Under the Hood Introduction to Knowledge Objects Students should also have completed the following course: Splunk Enterprise Data Administration (recommended) Splunk Course Schedules and Timezones Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET). AM Marked Splunk Courses AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast) UTC+11/+12 including New Zealand and the Pacific Islands UTC-8 including USA (West Coast), Canada (West Coast) UTC-7 including USA (Mid West) PM Marked Splunk Courses PM marked courses start at AEDT 12:00pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast) UTC+11/+12 including New Zealand and the Pacific Islands UTC-8 including USA (West Coast), Canada (West Coast) UTC-7 including USA (Mid West)

  • Administering SOAR Training delivered by INGENIQ

    Administering SOAR Training delivered by INGENIQ
    Administering Splunk SOAR
    The Administering SOAR (previously called Phantom) course prepares IT and security practitioners to install, configure and use a SOAR (Phantom) server in their environment and will prepare developers to attend the playbook development course. This 3.5 hour course prepares IT professionals to configure and manage SOAR.
    Splunk Credit Value: 50
    Duration: 3.5 hours over 1 day
    Time: 11:00 am - 2:30 pm AEST
    *Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.
    The instructor was very knowledgeable and was able to provide useful examples during the course. Participant, Splunk Enterprise System Administration
    Administering SOAR - Course Topics: SOAR concepts; Initial configuration; Apps and assets; Configuring automation; User management; Ingesting data; Customization and monitoring
    Class Format: Instructor-led lecture with labs. Delivered via virtual classroom or at your site
    Course Prerequisites: To be successful, students must have a working understanding of these courses: Investigating Incidents with Splunk SOAR
    Related Certifications: None
    Administering SOAR - Audience: Anyone whose role includes deploying, or maintaining and configuring Splunk SOAR (Phantom). SOC Engineer, Security Architects, Threat Hunters & Responders.
    After completing Administering SOAR course you will be able to: Install and configure SOAR (Phantom); Configure apps, assets, access control and manage playbooks; Identify and onboard data into SOAR (Phantom); Work with containers, labels, artifacts, and tags; Manage investigations with actions and playbooks; Use workbooks and case management
    Administering SOAR - Course Objectives
    Module 1 – Initial Configuration: Describe SOAR operating concepts; Identify documentation and community resources; SOAR & Splunk Architecture; Product settings; Access control; Authentication settings; Response settings; Understanding roles; Creating users; Managing user access
    Module 2 – Apps, Assets and Playbooks: Add and configure apps and assets; Manage playbooks; Ingesting Data; Labels and tags; Event settings
    Module 3 – Customisation and Monitoring: Create custom severity levels; Create custom status levels; Add custom fields and CEF settings; Create custom workbooks; Run reports; Use SOAR audit tools; Monitor system health
    Splunk Course Schedules and Timezones
    Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones. Dates and times displayed for each course are relative to Australian Eastern Time (AET).
    AM Marked Splunk Courses: AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West)
    PM Marked Splunk Courses: PM marked courses usually start at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas: UTC+10 including Australia (East Coast); UTC+11/+12 including New Zealand and the Pacific Islands; UTC-8 including USA (West Coast), Canada (West Coast); UTC-7 including USA (Mid West)

  • Transitioning to Splunk Cloud Training delivered by INGENIQ

    Transitioning to Splunk Cloud Training delivered by INGENIQ
    Transitioning to Splunk Cloud
    Transitioning to Splunk Cloud is a 2 day (9 hours) virtual course that highlights key differences between Splunk Enterprise deployed on-premise and Splunk Enterprise Cloud to allow Splunk Administrators to transition to Splunk Cloud. The course provides the skills and knowledge for Splunk Cloud administrators to collect and ingest data as well as manage their cloud environment and maintain a productive Splunk SaaS deployment.
    Units: 2
    Duration: 9 hours over 2 days
    Time: 9:00 am – 1:30 pm AEST (GMT +10)
    *Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.
    The instructor was very responsive to questions and queries both private and communal. Final module collaborative lab walkthrough on screen was particularly helpful. Participant, Splunk Fundamentals 2
    Transitioning to Splunk Cloud - Course Topics: Splunk Cloud SaaS; User Authentication and Authorisation; Index Management and Data Retention; Cloud Ingestion – Using Splunk Forwarders; Cloud Ingestion – Use API, HEC and Scripted Inputs; Cloud Ingestion – Using Apps and IDM Inputs; Installing and Managing Apps; Refine and Manipulate Inputs; Working with Cloud Support
    Class Format: Instructor-led lecture with labs. Delivered via virtual classroom or at your site
    Course Prerequisites (Required): Splunk Fundamentals 1; Splunk Fundamentals 2; Splunk Enterprise System Administration; Splunk Enterprise Data Administration
    Transitioning to Splunk Cloud - Audience: Splunk Partners having a Professional Services Practice.
    Related Certifications: Splunk Cloud Certified Admin
    After completing Transitioning to Splunk Cloud course you will be able to: Advantages of using Splunk Cloud; Learn the differences between managing Splunk Enterprise and Cloud; How to manage data and inputs in Splunk Cloud; How to manage Apps and Configs in Splunk Cloud
    Transitioning to Splunk Cloud - Course Objectives
    Module 1 – Splunk Cloud SaaS: Describe Cloud SaaS benefits and features; Identify Splunk Cloud administrator managed tasks; Explain the differences between Splunk Enterprise on premise and Splunk Enterprise Cloud
    Module 2 – User Authentication and Authorisation: Identify Splunk Cloud authentication options; Add Splunk users using native authentication; Integrate Splunk with LDAP, Active Directory or SAML; Understanding Splunk authorization options
    Module 3 – Index Management and Data Retention: Understand cloud indexing strategy; Create indexes in cloud; Manage data retention and archiving; Monitor indexing activities
    Module 4 – Cloud Ingestion – Using forwarders: Review cloud ingestion strategies; Understand the role of forwarders in GDI; Configure forwarding to Splunk Cloud; Monitoring forwarder connectivity; Explore optional forwarder settings
    Module 5 – Cloud Ingestion – Using API, HEC and Scripted Inputs: Understand how data is ingested using API; Describe how to use HEC for ingestion; Know how to deploy scripted inputs
    Module 6 – Cloud Ingestion – Using Apps and IDM Inputs: Understand how inputs are managed using apps or add-ons; Describe how customers may use Splunk Stream app; Deploy Cloud inputs for use on an IDM
    Module 7 – Installing and Managing Apps: Understand how apps and add-ons are vetted and installed in Cloud; Create apps to manage and distribute configurations
    Module 8 – Refine and Manipulate Inputs: Create and define props and transforms using the UI; Understand how to create, modify and deploy configs in Cloud; Masking data and removing data prior to ingestion; Dirty data and performance gains
    Module 9 – Cloud Support and Troubleshooting: Troubleshooting Splunk deployments; Collect data and use diagnostics or monitoring to investigate; Explore diagnostic tools used to troubleshoot common issues; Overview of how to submit a request with the relevant data for support to troubleshoot

  • Investigating Incidents with Splunk SOAR | INGENIQ

    Splunk Education, Training and Professional Services Provider
    Investigating Incidents with Splunk SOAR
    Summary: This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.
    Description: SOAR concepts; Investigations; Running actions and playbooks; Case management & workflows
    Enjoyable presenter and easy to understand for an intermediate Splunk user pursuing Admin certification. Thanks from Massachusetts! Participant, Splunk Fundamentals 2
    Splunk Credit Value: 50
    Duration: 3 hours
    Time: 11am – 2pm AEST
    Objectives
    Topic 1 – Starting Investigations: SOAR investigation concepts; ROI view; Using the Analyst Queue; Using indicators; Using search
    Topic 2 – Working on Events: Using the investigation page to work on events; Use the heads-up display; Set event status and other fields; Use notes and comments; How SLA affects event workflow; Using artifacts and files; Exporting events; Executing actions and playbooks; Managing approvals
    Topic 3 – Cases: Complex Events: Use case management for complex investigations; Use case workflows; Mark evidence; Running reports
    Pre-requisites: Basic security operations knowledge

  • Other Courses | INGENIQ

    Splunk Education, Training and Professional Services Provider
    Other Courses
    Ingeniq is the Splunk Training Provider and Authorised Learning Partner for Australia and New Zealand and is certified to deliver the complete range of Splunk courses and modules and offers both Instructor led public and dedicated virtual and face-to-face courses. Splunk Education Instructor led multi-subject course training takes 4.5 to 18 hours or less to complete and contributes towards Splunk certifications.
    Have a question? Our Education Consultants can help - call us or email at sales@ingeniq.com.au and we'll be in touch. Call us on 1300 245 802
    Advanced SOAR Implementation: This 13.5 hour course is intended for experienced SOAR consultants who will be responsible for complex SOAR solution development, and will prepare the attendee to integrate SOAR with Splunk as well as develop playbooks requiring custom coding and REST API usage.
    Visualizing and Alerting in Splunk Infrastructure Monitoring: This course assumes that you have completed the course Splunk Infrastructure Monitoring Fundamentals. It is targeted towards DevOps/SRE/Observability teams, Senior On-call Engineers, Onboarding and Monitoring Strategists and Developers.
    Fundamentals of Metrics Monitoring in Splunk Observability: This course serves as the foundation for all other Splunk Observability courses. It is targeted towards DevOps/SRE/Observability teams, Senior On-call Engineers, Onboarding and Monitoring Strategists and Developers.
    Kubernetes Monitoring with Splunk Observability Cloud: This virtual course targeted to SREs and DevOps enables you to monitor and troubleshoot your Kubernetes clusters with Splunk Observability Cloud.
    Advanced Dashboards and Visualizations with Splunk 8.1: This one-day course is designed for advanced users who want to create SplunkJS dashboards and Splunk Custom Visualizations. It focuses on creating dashboards, adding inputs, using event handlers and creating Splunk Custom Visualizations using JavaScript and XML.
    Developing with Splunk's REST API 8.2: This nine hour course teaches you how to use the Splunk REST API to accomplish tasks interacting with Splunk servers. In this course, you will use curl and Python to send requests to Splunk REST endpoints and will learn how to parse and use the results.
    Configuring Tracing and Profiling for Splunk APM: This single subject course targeted to DevOps enables you to learn configuration techniques to send traces to Splunk APM. Through in-person discussions and hands-on activities, learn to deploy the Splunk OpenTelemetry Collector on a Linux host.
    Building Apps with Splunk 8.2: This two-day course focuses on Splunk Enterprise app development. It's designed for advanced users, administrators, and developers who want to create apps for Splunk Enterprise and Splunk Cloud.
    Manual Instrumentation with Splunk APM: This single subject course targeted to developers enables you to manually instrument your applications to send traces to Splunk APM. Through in-person discussions and hands-on activities, learn to manually instrument applications to create spans and add metadata to spans.
    Using Splunk Application Performance Monitoring: This 1-virtual day course targeted to developers and DevOps enables you to use Splunk APM to analyze traces, troubleshoot and monitor your microservices-based applications.
    One of the best trainers I've had - keeps content relevant & explains the tasks in easily understood language. Extremely knowledgeable in all fields relating to the content. Well paced & accommodated to everyone's questions & progress. Participant, Splunk Enterprise Data Administration

  • Splunk Training Packs delivered by INGENIQ

    Splunk Training Packs delivered by INGENIQ
    Splunk Training Packs
    Learn more, for less... Splunk Training Packs are a collection of courses that can be purchased together to complete a certification and save up to 15%. Splunk Training Packs apply to both Certifications, Roles and Personas. If any of our Splunk Training packs don’t quite fit your requirements then simply build your own Splunk Training Pack! Call or email our Training Consultants on 1300 245 802 or sales@ingeniq.com.au
    Team Training Packs
    Ingeniq Training Packs can be purchased for Teams for significant discounts. Licensed for teams of up to 12 people; any student after number 6 gets free training. Team Training Packs apply to both Certifications, Roles and Personas. If any of the packs don’t quite fit your team’s requirements then simply build your own Splunk Training Pack! Call or email our Training Consultants on 1300 245 802 or sales@ingeniq.com.au
    Please note that the discounted prices indicated below are for one student.
    Splunk Training Pack #1: Splunk Core Certified User
    Price: 1700 USD (Original Price: 2000 USD)
    This certification demonstrates an individual's ability to perform basic searches, use fields, create alerts, use look-ups, and create basic statistical reports and dashboards.
    Courses: Working with Time; Statistical Processing; Leveraging Lookups and Subsearches; Search Optimisation
    Splunk Training Pack #2: Splunk Core Certified Power User
    Price: 3400 USD (Original Price: 4000 USD)
    This certification demonstrates an individual's ability to do SPL searching and reporting, create knowledge objects, use field aliases and calculated fields, create tags and event types.
    Courses: Working with Time; Statistical Processing; Comparing Values; Result Modification; Correlation Analysis; Creating Knowledge Objects; Creating Field Extractions; Data Models
    Splunk Training Pack #3: Splunk Core Certified Advanced Power User
    Price: 1700 USD (Original Price: 2000 USD)
    This certification demonstrates an individual's ability to generate complex searches, reports, and dashboards with Splunk’s core software to get the most out of their data.
    Courses: Multivalue Fields; Enriching Data with Lookups; Introduction to Dashboards; Dynamic Dashboards
    Pre-requisite: Splunk Core Certified Power User
    Splunk Training Pack #4: Splunk Enterprise Certified Admin
    Price: 3188 USD (Original Price: 3750 USD)
    This certification demonstrates an individual's ability to build and manage a production Splunk environment, administer licences, install and configure forwarders and understand the basics of getting data into Splunk.
    Courses: Splunk Enterprise System Administration; Splunk Enterprise Data Administration
    Pre-requisite: Splunk Core Certified Power User
    Splunk Training Pack #5: Splunk Enterprise Certified Architect
    Price: 3400 USD (Original Price: 4000 USD)
    This certification demonstrates an individual's ability to understand the Splunk Support Model and its resources, identify the best practices for troubleshooting Splunk Enterprise, list ways to gather useful Splunk diagnostic information and use Splunk diagnostic tools.
    Courses: Troubleshooting Splunk Enterprise; Cluster Administration; Architecting Enterprise Deployments
    Pre-requisite: Splunk Core Certified Power User; Splunk Enterprise Certified Admin
    Splunk Training Pack #6: Search Expert Faststart
    Price: 3400 USD (Original Price: 4000 USD)
    Instructor-Led Training, covers over 60 commands and functions. Learn to compare, manipulate, and normalise data. Enrich search results with lookups and subsearches and analyze data from multiple datasets.
    Courses: Working with Time; Statistical Processing; Comparing Values; Result Modification; Leveraging Lookups and Subsearches; Correlation Analysis; Multivalue Fields; Search Optimization
    Splunk Training Pack #7: Build my Own Pack
    If any of our Splunk Training packs don’t quite fit your requirements then simply build your own Splunk Training Pack! You can build custom training packs for Individuals or for a team of up to 12 people. Call or email our Training Consultants on 1300 245 802 or sales@ingeniq.com.au
