Splunk University
.conf19 | October 19–21, 2019 | The Venetian and Sands Expo | Las Vegas

Splunk University is a pre-conference educational training program (additional fees apply). See the full course catalog below, and be sure to check out our full Splunk Education offerings to get ready for Splunk University!
Education Class Dates
9:00AM - 5:30PM
Saturday, October 19, 2019
9:00AM - 5:30PM
Sunday, October 20, 2019
9:00AM - 5:30PM
Monday, October 21, 2019
The Cost to Attend Is
1 day of classes
$850
2 days of classes
$1500
3 days of classes
$2000

Splunk University 2019 Course Offerings

Saturday (10/19) - Monday (10/21)
Three-day Bootcamps

Power User Bootcamp

This three-day Bootcamp takes you from A-Z for a Splunk Power User. Start with basic searching and using fields, continue on to statistical, charting, and manipulating commands with Splunk’s Search Language to create meaningful reports and dashboards. You’ll also create and manage Splunk knowledge objects such as fields, alerts, data models, lookups, and macros. Finally, you’ll learn how to conform your knowledge objects to Splunk’s Common Information Model (CIM).

Splunk Enterprise Administrator Bootcamp

This three-day Bootcamp prepares administrators to configure and manage Splunk. Topics include installation, configuring data inputs and forwarders, data management, user accounts, licenses, and troubleshooting and monitoring. The focus of this class is the knowledge, best practices, and configuration details for Splunk administration in a medium to large distributed deployment environment.

Splunk Enterprise Advanced Administrator Bootcamp

This three-day Bootcamp combines content from the Troubleshooting Splunk Enterprise and Splunk Cluster Administration courses. Designed for experienced Splunk administrators, It covers topics and techniques for troubleshooting a distributed deployment using the tools available on Splunk Enterprise, Splunk’s internal logging system, and takes a deeper dive into Splunk’s pipelines and processors. It also provides training on deploying and managing Splunk Search Head Clusters and Indexer Clusters.

Splunk App Developer Bootcamp

This three-day Bootcamp combines content from Advanced Dashboards and Visualizations, Building Splunk Apps, and Developing with Splunk’s Java and Python SDKs. You will learn to create compelling and interactive dashboards, forms, and visualizations, as well as use 3rd party visualization libraries. You will also learn about Splunk’s app directory structure, and Web Framework. You’ll learn to interact directly with the Splunk REST API, and also learn best practices for development.

Splunk Enterprise Large Scale Deployment Bootcamp

This three-day Bootcamp combines content from Splunk Enterprise Cluster Administration, Splunk Workload Management, and Implementing Splunk SmartStore. Designed for experienced Splunk administrators, you will learn to implement and manage Splunk indexer and search head clusters, Splunk’s workload management features to define workload pools and rules and allocate resources, and Splunk SmartStore to leverage external storage so you can scale compute and storage resources separately.

Sunday (10/20) - Monday (10/21)
Two-day Bootcamps

ITSI Bootcamp

This two-day Bootcamp combines content from Using ITSI and Implementing ITSI.  It prepares you to install and configure Splunk's app for IT Service Intelligence (ITSI). You will learn to use ITSI to monitor mission-critical services. You’ll also learn about ITSI architecture, deployment planning, installation, service design and implementation, configuring entities, notable events, and developing glass tables and deep dives.

Splunk Enterprise Security for Security Analysts

This two-day Bootcamp includes content from Using Splunk Enterprise Security.  It prepares security practitioners to use Splunk Enterprise Security (ES). You will use ES to identify and track security incidents, analyze security risks, use predictive analytics, threat discovery, and create glass tables.

Splunk Enterprise Security for Splunk Administrators

This two-day Bootcamp prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security. It covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.

Analytics and Data Science Bootcamp

This two-day Bootcamp is for Splunk users who want to perform more scientific analysis on their data. It covers Exploratory Data Analysis, Machine Learning, Using Algorithms to Build Models, Transactional Analysis, Anomaly Detection, Estimation and Prediction, Classification, and more.

Splunk Data Administration Bootcamp

This two-day Bootcamp is designed for Splunk Enterprise and Cloud administrators who are responsible for getting data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components. Suitable for both Splunk Cloud and Splunk Enterprise customers.

Splunk Fundamentals 2 Bootcamp

This two-day Bootcamp focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Interface Model (CIM).

Splunk Fundamentals 3 Bootcamp

This course focuses on additional search commands as well as advanced use of knowledge objects. Major topics include advanced statistics and eval commands, advanced lookup topics, advanced alert actions, using regex and erex to extract fields, using spath to work with self-referencing data, creating nested macros and macros with event types, and accelerating reports and data models.

Advanced Searching and Reporting Bootcamp

This course focuses on more advanced search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports, and charts. Students are coached step by step through complex searches to produce final results. Major topics include the Splunk search process, using sub-searches, additional statistical commands and functions, formatting and calculating results, charting commands and options, and advanced event correlation.

Splunk Phantom Bootcamp

This course prepares Splunk Phantom customers to implement, administer Splunk Phantom as well as plan, design, create and debug playbooks.

Offered Saturday, Sunday or Monday
Single-day Classes

Advanced Dashboards and Visualizations
SATURDAY ONLY

This course is designed for advanced users who want to create SplunkJS-based dashboards and forms. It focuses on creating dashboards, adding inputs, using event handlers and creating Splunk Custom Visualizations.

Creating Splunk Dashboards

This course is designed for power users who want to create fast and efficient views that include customized charts, drilldowns, advanced behaviors and visualizations. Major topics include using tokens, global searches, event handlers, dynamic drilldowns and simple XML extensions for JavaScript and CSS.

Working with Splunk Metrics
SATURDAY ONLY

Use Splunk Enterprise to onboard and analyze metrics data. Learn how to use the Metrics Workspace to easily visualize and correlate your metrics data to event data.

Splunk Workload Management
SATURDAY ONLY

This course provides the fundamentals of using the Workload Management (WLM) feature in Splunk. Learn about WLM concepts and features, requirements to configure WLM in the Splunk environment, using workload pools and rules, and allocating WLM resources.

Implementing Splunk SmartStore
SATURDAY ONLY

This course is designed for the experienced Splunk system administrators. This hands-on class is designed to provide the essential knowledge for deploying and managing Splunk SmartStore. It covers SmartStore deployment options, cache manager configurations, monitoring, and troubleshooting of SmartStore implementation.

Prerequisites:

Working knowledge of:

  • Linux OS commands
  • Editing Splunk configuration files with vi or nano
  • Splunk index life-cycle and bucket transitions
  • Splunk Indexer cluster concept

Content:

Troubleshooting Splunk Enterprise

This course is designed for Splunk administrators. It covers techniques for troubleshooting a standard Splunk distributed deployment using the tools available on Splunk Enterprise. In this lab-oriented class you will gain troubleshooting experience by debugging a distributed Splunk Enterprise environment using the live system and simulated case logs.

Architecting Splunk Enterprise Deployments

This course takes a deep dive into large enterprise distributed deployments.  Learn best practices for planning, sizing and managing your Splunk deployment.  In this workshop-style course, you will design a Splunk architecture based on a set of customer requirements.