Solved: What is the best way to learn how to use Splunk En...

Crashfry · ‎11-20-2018

So this post is more of a question in relation to how people have gained knowledge of using Splunk Enterprise as well as implementing it best for the environment. Have you gone through the Splunk training for Enterprise through their portal? Learn just by trial and error? Trying to find the best to better use ES in terms of building it out further with refined searches specifically for our needs.

Thanks in advance!

skoelpin · ‎11-20-2018

There's no exact best way of learning as everyone learns differently. From what I've seen most successful Splunker's have similar traits which include; not being fooled twice, lots of keyboard time, and raw smarts. Experience significantly grows when working in a team of other Splunker's and leveraging their knowledge to learn best practices.

As for myself, I've used Splunk almost daily for the last 5 years, so a lot came from experience. I started by inheriting a small Splunk deployment in an eCommerce environment and learned how to administer it, keep it stable, onboard logs, and applied basic SPL. I then left to work for a partner as a consultant and went through all the certifications, and now work in a much larger environment using Splunk 50+ hours a week. I support hundreds of Splunk users ranging from basic to advanced along with developing projects on the platform that help the business.

There's no real best way of learning, but rather gaining experience and staying up to date with the new features.

View solution in original post

woodcock · ‎11-20-2018

Splunk has very functional sandbox demo systems. Sign up for one and play around HARD. Click on everything. Try to break stuff. Try to edit it and see how it all works.

skoelpin · ‎11-20-2018

I've tried getting my buddies into Splunk with this approach and haven't had a lot of luck. I think it's more important to understand and define a problem that can be solved with using a tool like Splunk. Then the real knowledge of the tool will be gained and understood

skoelpin · ‎11-20-2018

There's no exact best way of learning as everyone learns differently. From what I've seen most successful Splunker's have similar traits which include; not being fooled twice, lots of keyboard time, and raw smarts. Experience significantly grows when working in a team of other Splunker's and leveraging their knowledge to learn best practices.

As for myself, I've used Splunk almost daily for the last 5 years, so a lot came from experience. I started by inheriting a small Splunk deployment in an eCommerce environment and learned how to administer it, keep it stable, onboard logs, and applied basic SPL. I then left to work for a partner as a consultant and went through all the certifications, and now work in a much larger environment using Splunk 50+ hours a week. I support hundreds of Splunk users ranging from basic to advanced along with developing projects on the platform that help the business.

There's no real best way of learning, but rather gaining experience and staying up to date with the new features.