- Keyword searches (basic Google knowledge)
- Time ranges, Booleans, key/value pair searching
- Concepts of source, source type, and host and other fields
- Tags, saving reports, creating alerts
- Basic reporting, top, timechart, simple stats commands and eval.
- Event types, workflow actions, basic form search, basic report acceleration.
- Data normalization (CIM)
- Building a series of interconnected dashboards/an entire app
- More complex use cases with stats, eventstats, totals etc.
- Transactions, and other complex search patterns/results.
- Report acceleration, summary indexing, tstats.
- Getting Splunk reports/data outside of Splunk and into other tools.
- Data input filtering with regex/configs
- Complex statistical questions: measure, report, and alert based on standard deviations, etc.
- Work closely with Splunk Admins on data acquisition.
- Non-traditional API-based searching
- All-in-one Splunk with just forwarders
- Use of deployment server to deploy to UF/HWFs only
- Single serverclass.conf file
- Distributed, but no clustering or search head pooling
- Use of deployment server to maintain apps on SH/indexers (outside of clustering), surgical DS reloading
- Load balancing forwarders
- Search head pooling
- Multi-site clusters
- Use of deployment server to store configs for apps in git or other source-control system
- Multiple DSs behind load balancers
- Self-updating deploymentclient.confs
- SSL keys et al
Building stuff in Splunk Web:
- Creating Simple XML dashboards and forms
- Creating a native Splunk app from the built-in templates
Editing simple XML and using simple XML extensions:
- Dynamic drilldowns
- Pan & zoom
- Post-process searches
- Using external libraries
- Using custom CSS
Working with SplunkJS, Django bindings, SDKs:
- Creating a Splunk Web app using SplunkJS/Django bindings
- Tokens and data binding
- Search managers
- Page templates
- Event handlers
- Splunk diagnostic tools
- Creating a "standalone" app
- Using the SDKs
- Modular inputs