Splunk University
.conf18 | 1-4 October 2018 | Walt Disney World Swan and Dolphin Resort | Orlando, FL

Splunk University is a pre-conference educational training program (additional fees apply). See the full course offerings from Splunk University 2018 below, and be sure to check out our full Splunk Education offerings to get ready for Splunk University next year!

Splunk University 2018 Course Offerings

Saturday (9/29) - Monday (10/1)
Three Day Bootcamps

Power User Bootcamp

This three-day Bootcamp takes you from A-Z for a Splunk Power User.  Start with basic searching and using fields, then continue on to statistical, charting, and manipulating commands with Splunk’s Search Language to create meaningful reports and dashboards.  You’ll also create and manage Splunk knowledge objects such as fields, alerts, data models, lookups and macros. Finally, you’ll learn how to conform your knowledge objects to Splunk’s Common Information Model (CIM).

Administrator Bootcamp

This three-day Bootcamp prepares administrators to configure and manage Splunk. Topics include installation, configuring data inputs and forwarders, data management, user accounts, licenses, and troubleshooting and monitoring. The focus of this class is the knowledge, best practices and configuration details for Splunk administration in a medium to large distributed deployment environment.

Advanced Administrator Bootcamp

This three-day Bootcamp combines content from the Troubleshooting Splunk Enterprise and Splunk Cluster Administration courses. Designed for experienced Splunk administrators, it covers topics and techniques for troubleshooting a distributed deployment using the tools available on Splunk Enterprise, Splunk’s internal logging system, and takes a deeper dive into Splunk’s pipelines and processors.  It also provides training on deploying and managing Splunk Search Head Clusters and Indexer Clusters.

App Developer Bootcamp

This three-day Bootcamp combines content from Advanced Dashboards and Visualizations, Building Splunk Apps, and Developing with Splunk’s Java and Python SDKs.  You will learn to create compelling and interactive dashboards, forms and visualizations, as well as use 3rd party visualization libraries. You will also learn about Splunk’s app directory structure, and Web Framework. You’ll learn to interact directly with the Splunk REST API, and also learn best practices for development.



ITSI Bootcamp

This three-day Bootcamp combines content from Using ITSI and Implementing ITSI.  It prepares you to install and configure Splunk's app for IT Service Intelligence (ITSI). You will learn to use ITSI to monitor mission-critical services. You’ll also learn about ITSI architecture, deployment planning, installation, service design and implementation, configuring entities, notable events, and developing glass tables and deep dives.

Sunday (9/30) - Monday (10/1)
Two Day Bootcamps

Splunk Enterprise Security for Security Analysts

This two-day Bootcamp includes content from Using Splunk Enterprise Security.  It prepares security practitioners to use Splunk Enterprise Security (ES). You will use ES to identify and track security incidents, analyze security risks, use predictive analytics, discover threats and create glass tables.

Analytics and Data Science Bootcamp

This two-day Bootcamp is for Splunk users who want to perform more scientific analysis on their data. It covers Exploratory Data Analysis, Machine Learning, Using Algorithms to Build Models, Transactional Analysis, Anomaly Detection, Estimation and Prediction, Classification and more.

Splunk Data Administration Bootcamp

This two-day Bootcamp is designed for Splunk Enterprise and Cloud administrators who are responsible for getting data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring and troubleshooting of Splunk forwarders and Splunk Deployment Server components. Suitable for both Splunk Cloud and Splunk Enterprise customers.

Splunk Fundamentals 2 Bootcamp


This two-day Bootcamp focuses on searching and reporting commands as well as on the creation of knowledge objects.  Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Interface Model (CIM).


Advanced Searching Bootcamp

This course focuses on more advanced search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports, and charts. Students are coached step by step through complex searches to produce final results. Major topics include the Splunk search process, using sub-searches, additional statistical commands and functions, formatting and calculating results, charting commands and options and advanced event correlation.

Splunk Enterprise Security for Administrators

This two-day Bootcamp prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security. It covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.

Offered Saturday, Sunday or Monday
Single day courses

Advanced Dashboards and Visualizations

This course is designed for power users who want to create compelling and interactive dashboards, forms, and visualizations. Its emphasis is on editing simple XML, using post-process searches and dynamic drilldowns.  Students will also learn how to build visualizations that use third-party chart libraries and custom stylesheets.

Troubleshooting Splunk Enterprise

This course is designed for Splunk administrators. It covers techniques for troubleshooting a standard Splunk distributed deployment using the tools available on Splunk Enterprise. In this lab-oriented class you will gain troubleshooting experience by debugging a distributed Splunk Enterprise environment using the live system and simulated case logs.

Architecting Splunk Enterprise Deployments

This course takes a deep dive into large enterprise distributed deployments.  Learn best practices for planning, sizing and managing your Splunk deployment.  In this workshop-style course, you will design a Splunk architecture based on a set of customer requirements.


Developing with Splunk’s REST API

This course teaches you to use Splunk's REST API to bring new data into Splunk, remotely create and interact with Splunk objects such as ad-hoc and saved searches, and more. Learn to interact directly with the Splunk REST API and learn best practices for development.


Recommended prerequisites:


  • Developing with Splunk’s REST API