Splunk Enterprise Security

What is the best way to learn how to use Splunk Enterprise?

Path Finder

So this post is more of a question in relation to how people have gained knowledge of using Splunk Enterprise as well as implementing it best for the environment. Have you gone through the Splunk training for Enterprise through their portal? Learn just by trial and error? Trying to find the best to better use ES in terms of building it out further with refined searches specifically for our needs.

Thanks in advance!

0 Karma
1 Solution

SplunkTrust
SplunkTrust

There's no exact best way of learning as everyone learns differently. From what I've seen most successful Splunker's have similar traits which include; not being fooled twice, lots of keyboard time, and raw smarts. Experience significantly grows when working in a team of other Splunker's and leveraging their knowledge to learn best practices.

As for myself, I've used Splunk almost daily for the last 5 years, so a lot came from experience. I started by inheriting a small Splunk deployment in an eCommerce environment and learned how to administer it, keep it stable, onboard logs, and applied basic SPL. I then left to work for a partner as a consultant and went through all the certifications, and now work in a much larger environment using Splunk 50+ hours a week. I support hundreds of Splunk users ranging from basic to advanced along with developing projects on the platform that help the business.

There's no real best way of learning, but rather gaining experience and staying up to date with the new features.

View solution in original post

0 Karma

Esteemed Legend

Splunk has very functional sandbox demo systems. Sign up for one and play around HARD. Click on everything. Try to break stuff. Try to edit it and see how it all works.

0 Karma

SplunkTrust
SplunkTrust

I've tried getting my buddies into Splunk with this approach and haven't had a lot of luck. I think it's more important to understand and define a problem that can be solved with using a tool like Splunk. Then the real knowledge of the tool will be gained and understood

0 Karma

SplunkTrust
SplunkTrust

There's no exact best way of learning as everyone learns differently. From what I've seen most successful Splunker's have similar traits which include; not being fooled twice, lots of keyboard time, and raw smarts. Experience significantly grows when working in a team of other Splunker's and leveraging their knowledge to learn best practices.

As for myself, I've used Splunk almost daily for the last 5 years, so a lot came from experience. I started by inheriting a small Splunk deployment in an eCommerce environment and learned how to administer it, keep it stable, onboard logs, and applied basic SPL. I then left to work for a partner as a consultant and went through all the certifications, and now work in a much larger environment using Splunk 50+ hours a week. I support hundreds of Splunk users ranging from basic to advanced along with developing projects on the platform that help the business.

There's no real best way of learning, but rather gaining experience and staying up to date with the new features.

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

There is even a manual if you have inherited a deployment

SplunkTrust
SplunkTrust

Splunk documentation is the best out of most vendors i've used

0 Karma

Splunk Employee
Splunk Employee

Are you asking about Splunk Enterprise or Splunk Enterprise Security specifically?

Path Finder

Enterprise Security specific.

0 Karma

SplunkTrust
SplunkTrust
0 Karma

Path Finder

How do you get on Splunk's slack channel?

0 Karma