Skill Level

Area of Expertise: Beginning / Intermediate / Advanced
(Within each area below, the skills are listed in order from beginning through intermediate to advanced.)
Searching and reporting
  • Keyword searches (basic Google-style knowledge)
  • Time ranges, booleans, key-value pair searching
  • Concepts of source, sourcetype, host and other fields
  • Tags, saving reports, creating alerts
  • Basic reporting: top, timechart, simple stats commands and eval
  • Event types, workflow actions, basic form searches, basic report acceleration
  • Data normalization (CIM)
  • Building a series of interconnected dashboards or an entire app
  • More complex use cases with stats, eventstats, totals, etc.
  • Transactions and other complex search patterns/results
  • Report acceleration, summary indexing, tstats
  • Getting Splunk reports/data out of Splunk and into other tools
  • Data input filtering with regex/configs
  • Complex statistical questions: measure, report and alert based on standard deviations, etc.
  • Working closely with Splunk admins on data acquisition
  • Non-traditional, API-based searching
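The standard-deviation item above is the kind of question usually answered in SPL with `stats avg(duration) as avg, stdev(duration) as sd by host` followed by a `where` clause. The following is an added Python example, not code from the original page, that models that logic over constructed key=value log lines so the two caveats a practitioner hits can be seen: the baseline must come from a window that does not include the events being scored (otherwise an outlier inflates its own threshold), and a host whose baseline never varies has a standard deviation of zero, so any movement at all would alert unless a floor is applied. The field names (`host`, `duration`), the cutoff timestamp, `k` and `sd_floor` are all assumptions for the example.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample events (not real data): request duration in ms per host.
# Events before CUTOFF form the baseline window; events from CUTOFF on are scored.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z host=web1 uri=/login duration=120
2024-05-01T10:00:01Z host=web1 uri=/login duration=130
2024-05-01T10:00:02Z host=web1 uri=/login duration=125
2024-05-01T10:00:03Z host=web1 uri=/login duration=118
2024-05-01T10:00:04Z host=web1 uri=/login duration=122
2024-05-01T10:00:05Z host=web1 uri=/login duration=900
2024-05-01T10:00:00Z host=web2 uri=/login duration=300
2024-05-01T10:00:01Z host=web2 uri=/login duration=300
2024-05-01T10:00:02Z host=web2 uri=/login duration=300
2024-05-01T10:00:03Z host=web2 uri=/login duration=300
2024-05-01T10:00:04Z host=web2 uri=/login duration=300
2024-05-01T10:00:05Z host=web2 uri=/login duration=310
2024-05-01T10:00:05Z host=web3 uri=/login duration=5000
"""
CUTOFF = "2024-05-01T10:00:05Z"

KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_events(text):
    """Split '<timestamp> key=value ...' lines into dicts with a '_time' field."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _, rest = line.partition(" ")
        fields = dict(KV_RE.findall(rest))
        fields["_time"] = ts
        events.append(fields)
    return events

def baseline_by_host(events, field="duration", min_events=3):
    """Per-host (mean, sample stdev) of `field`, the equivalent of
    `stats avg(duration) stdev(duration) by host` over the baseline window.
    Hosts with fewer than min_events samples get no baseline: a stdev computed
    from one or two points says nothing about normal behaviour."""
    values = defaultdict(list)
    for e in events:
        try:
            values[e["host"]].append(float(e[field]))
        except (KeyError, ValueError):
            continue  # event lacks the field, or it is not numeric
    return {
        host: (statistics.mean(v), statistics.stdev(v))
        for host, v in values.items() if len(v) >= min_events
    }

def flag_outliers(events, baseline, field="duration", k=3.0, sd_floor=0.0):
    """Return (flagged, unscored). An event is flagged when
    value > mean + k * max(stdev, sd_floor) for its host.
    sd_floor guards the zero-variance case: a host whose baseline never moved
    has stdev 0, so without a floor a 1 ms change would page someone."""
    flagged, unscored = [], []
    for e in events:
        host = e.get("host")
        if host not in baseline:
            unscored.append(e)  # no baseline, so it cannot be scored; surface it
            continue
        mean, sd = baseline[host]
        threshold = mean + k * max(sd, sd_floor)
        try:
            value = float(e[field])
        except (KeyError, ValueError):
            continue
        if value > threshold:
            flagged.append({**e, "threshold": round(threshold, 2)})
    return flagged, unscored

def detect(text=SAMPLE_LOG, cutoff=CUTOFF, **kw):
    """Baseline from events before cutoff, score events at or after it.
    ISO-8601 timestamps in one fixed format compare correctly as strings."""
    events = parse_events(text)
    baseline = baseline_by_host([e for e in events if e["_time"] < cutoff])
    return flag_outliers([e for e in events if e["_time"] >= cutoff], baseline, **kw)

if __name__ == "__main__":
    flagged, unscored = detect(sd_floor=4.0)
    for e in flagged:
        print("ALERT", e["host"], e["duration"], "threshold", e["threshold"])
    for e in unscored:
        print("NO BASELINE", e["host"], e["duration"])
```

With the floor, only web1 alerts (900 ms against a threshold of about 137 ms) and web3 is reported as unscorable rather than silently dropped; without the floor web2 also alerts, because 310 exceeds a threshold of exactly 300 when the stdev is 0. The same split applies in Splunk: compute the baseline over one time range (or a summary index) and score a separate, later range against it.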
Deployment and administration
  • All-in-one Splunk with just forwarders
  • Use of deployment server to deploy to UFs/HWFs only
  • Single serverclass.conf file
  • Distributed, but no clustering or search head pooling
  • Use of deployment server to maintain apps on search heads/indexers (outside of clustering); surgical DS reloading
  • Forwarder load balancing
  • Search head pooling
  • Clustering
  • Multi-site clusters
  • Deployment server app configs kept in git or another source-control system
  • Multiple DSs behind load balancers
  • Self-updating deploymentclient.conf files
  • SSL keys, etc.
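The deployment server items above (a single serverclass.conf, deploying to forwarders only, then to search heads and indexers) all come down to how serverclass.conf maps clients to apps. The following is an added Python example, not code from the original page or from Splunk, that models that resolution for a constructed serverclass.conf: a class matches a client when any of the names the client presents (clientName, hostname, IP, DNS name) matches a `whitelist.<n>` pattern and none matches a `blacklist.<n>` pattern, with `*` and `?` as wildcards, and the apps of every matching `[serverClass:<name>:app:<app>]` stanza are delivered. Only that rule is modelled; `machineTypesFilter` and the other serverclass.conf settings are ignored, and the class names, patterns, app names and hosts are made up.

```python
import configparser
import fnmatch
import re

# Constructed serverclass.conf for the example (not from a real deployment).
SERVERCLASS_CONF = """
[serverClass:linux_forwarders]
whitelist.0 = lnx-*
blacklist.0 = lnx-lab-*

[serverClass:linux_forwarders:app:Splunk_TA_nix]
restartSplunkd = true

[serverClass:linux_forwarders:app:org_all_forwarder_outputs]

[serverClass:dmz_web]
# matched by address range or by a web-dmz-NN hostname
whitelist.0 = 10.20.30.*
whitelist.1 = web-dmz-??

[serverClass:dmz_web:app:org_dmz_web_inputs]

[serverClass:all_hosts]
whitelist.0 = *
blacklist.0 = *-decom-*

[serverClass:all_hosts:app:org_baseline]
"""

STANZA_RE = re.compile(r"^serverClass:([^:]+)(?::app:(.+))?$")

def load_serverclasses(text):
    """Parse into {class: {"whitelist": [...], "blacklist": [...], "apps": [...]}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    classes = {}
    for section in cp.sections():
        m = STANZA_RE.match(section)
        if not m:
            continue  # [global] and anything else not modelled here
        name, app = m.groups()
        sc = classes.setdefault(name, {"whitelist": [], "blacklist": [], "apps": []})
        if app:
            sc["apps"].append(app)  # [serverClass:<name>:app:<app>] stanza
            continue
        for key, value in cp.items(section):
            kind, _, idx = key.partition(".")
            if kind in ("whitelist", "blacklist") and idx.isdigit():
                sc[kind].append(value.strip())
    return classes

def class_matches(sc, identities):
    """A class matches when any identity matches any whitelist pattern and no
    identity matches any blacklist pattern; the blacklist always wins."""
    def hit(patterns):
        return any(fnmatch.fnmatchcase(i, p) for i in identities for p in patterns)
    return hit(sc["whitelist"]) and not hit(sc["blacklist"])

def resolve_apps(classes, identities):
    """Return (matched class names, sorted app names) for one client.
    Classes are evaluated independently, so a blacklist in one class does not
    keep the client out of another class that also matches it."""
    matched = [name for name, sc in classes.items() if class_matches(sc, identities)]
    apps = sorted({app for name in matched for app in classes[name]["apps"]})
    return matched, apps

if __name__ == "__main__":
    classes = load_serverclasses(SERVERCLASS_CONF)
    for ids in (["lnx-web-01", "10.20.30.5"], ["lnx-lab-07", "10.0.0.7"],
                ["win-decom-03", "10.20.30.44"]):
        print(ids[0], "->", resolve_apps(classes, ids))
```

The third client shows the point worth checking before relying on a blacklist: `win-decom-03` is excluded from `all_hosts`, but its address still matches `dmz_web`, so it keeps receiving that class's inputs. Keeping serverclass.conf in source control makes this kind of rule easy to review, and a resolver like this one can run as a pre-commit check against the known client inventory.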
Development
  Beginning: building in Splunk Web
  • Creating Simple XML dashboards and forms
  • Creating a native Splunk app from the built-in templates
  Intermediate: editing Simple XML and using Simple XML extensions
  • Dynamic drilldowns
  • Tokens
  • Pan and zoom
  • Post-process searches
  • Using external libraries
  • Using custom CSS
  • Technology add-ons (TAs)
  Advanced: working with SplunkJS, Django bindings and the SDKs
  • Creating a Splunk Web app using SplunkJS/Django bindings
  • Tokens and data binding
  • Search managers
  • Page templates
  • Event handlers
  • Splunk diagnostic tools
  • Creating a "standalone" app
  • Using the SDKs
  • Modular inputs
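The last item, modular inputs, is where the development track meets the operational one: splunkd runs a script with `--scheme` to learn its arguments, with `--validate-arguments` (reading an `<items>` document on stdin) when a stanza is saved, and with no arguments (reading an `<input>` document on stdin) to collect data, which the script writes back as a `<stream>` of `<event>` elements. The following is an added Python example, not code from the original page or from Splunk's SDK, that speaks that protocol directly for a made-up `filetail` scheme: the scheme name, the `path` argument, the sample `<input>` document and the file paths in it are all assumptions. It shows the three things that go wrong in home-grown inputs: a missing checkpoint (re-indexing the file after every restart), a half-written trailing line being emitted, and accepting an unvalidated path.

```python
import os
import sys
import tempfile
import time
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed copy of the document splunkd writes to stdin for a run (made up).
SAMPLE_INPUT_XML = """<input>
  <server_uri>https://127.0.0.1:8089</server_uri>
  <session_key>REDACTED-SESSION-KEY</session_key>
  <checkpoint_dir>/opt/splunk/var/lib/splunk/modinputs/filetail</checkpoint_dir>
  <configuration>
    <stanza name="filetail://audit">
      <param name="path">/var/log/audit/audit.log</param>
    </stanza>
  </configuration>
</input>"""

def scheme_xml():
    """Answer to `--scheme`: one required argument, external validation, XML streaming."""
    scheme = ET.Element("scheme")
    ET.SubElement(scheme, "use_external_validation").text = "true"
    ET.SubElement(scheme, "streaming_mode").text = "xml"
    arg = ET.SubElement(ET.SubElement(ET.SubElement(scheme, "endpoint"), "args"), "arg", name="path")
    ET.SubElement(arg, "description").text = "Absolute path of the file to read"
    ET.SubElement(arg, "data_type").text = "string"
    ET.SubElement(arg, "required_on_create").text = "true"
    return ET.tostring(scheme, encoding="unicode")

def parse_runtime_xml(text):
    """Parse the <input> (run) or <items> (validate) document into
    (settings, {stanza: {param: value}}). The session_key arrives on stdin,
    not argv, so it is not exposed in a process listing."""
    root = ET.fromstring(text)
    settings = {c.tag: (c.text or "") for c in root if c.tag not in ("configuration", "item")}
    stanzas = {n.get("name"): {p.get("name"): (p.text or "") for p in n.findall("param")}
               for n in root.iter() if n.tag in ("stanza", "item")}
    return settings, stanzas

def validate(params):
    """`--validate-arguments`: refuse relative or traversal paths before the stanza is saved."""
    path = params.get("path", "")
    if not os.path.isabs(path) or ".." in path.split(os.sep):
        raise ValueError("path must be absolute and contain no '..'")
    return True

def event_xml(stanza, data, ts):
    """One event for streaming_mode=xml; ElementTree escapes any markup inside data."""
    ev = ET.Element("event", stanza=stanza)
    ET.SubElement(ev, "time").text = "%.3f" % ts
    ET.SubElement(ev, "data").text = data
    return ET.tostring(ev, encoding="unicode")

def read_new_lines(path, checkpoint_dir, stanza):
    """Lines appended since the last run. A byte-offset checkpoint per stanza avoids
    re-indexing after a restart, a file that shrank (rotated or truncated) is read
    from 0 again, and a trailing partial line is left for the next run."""
    ckpt = os.path.join(checkpoint_dir, stanza.replace("://", "_").replace("/", "_"))
    offset = 0
    if os.path.exists(ckpt):
        with open(ckpt) as f:
            offset = int(f.read() or 0)
    if os.path.getsize(path) < offset:
        offset = 0
    with open(path, "rb") as f:
        f.seek(offset)
        chunk = f.read()
    end = chunk.rfind(b"\n") + 1  # consume only complete lines
    with open(ckpt, "w") as f:
        f.write(str(offset + end))
    return chunk[:end].decode("utf-8", "replace").splitlines()

def main(argv=sys.argv[1:], stdin=sys.stdin, out=sys.stdout):
    """Dispatch on argv exactly as splunkd invokes the script."""
    if argv[:1] == ["--scheme"]:
        out.write(scheme_xml())
        return 0
    settings, stanzas = parse_runtime_xml(stdin.read())
    if argv[:1] == ["--validate-arguments"]:
        try:
            for params in stanzas.values():
                validate(params)
        except ValueError as e:
            out.write("<error><message>%s</message></error>" % escape(str(e)))
            return 1
        return 0
    out.write("<stream>")
    for name, params in stanzas.items():
        for line in read_new_lines(params["path"], settings["checkpoint_dir"], name):
            out.write(event_xml(name, line, time.time()))
    out.write("</stream>")
    return 0

def demo():
    """Offline run of the checkpoint logic against a temporary file (constructed data)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.log")
        with open(path, "w") as f:
            f.write("first\nsecond\npartial")
        first = read_new_lines(path, d, "filetail://demo")
        with open(path, "a") as f:
            f.write(" line\nthird\n")
        return first, read_new_lines(path, d, "filetail://demo")

if __name__ == "__main__":
    sys.exit(main())
```

`demo()` returns `(["first", "second"], ["partial line", "third"])`: the unterminated `partial` is held back on the first pass and emitted whole once its newline arrives. In a real input the script is placed under the app's `bin/` directory and the scheme is referenced from `inputs.conf`; the SDK's modular input classes wrap exactly this stdin/stdout exchange, which is why it is worth seeing once in the raw.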