Splunk Enterprise

What technologies or languages are recommended to become an expert in Splunk?

chskm
Path Finder

Currently I have very good knowledge of the following languages/technologies:
1. C/C++
2. JavaScript
3. Python (working experience)
4. Shell scripting (working experience)
5. Splunk administration (Linux platform)

Are there any other technologies/languages that are needed/recommended to become an expert in Splunk?

1 Solution

lguinn2
Legend

People generally install and use Splunk because they have a lot of unstructured data that they want to index and analyze. While this data can come from any source, Splunk is often used for machine data. So one key requirement is "know the data that you want to collect and analyze." Since you have to collect the data, it is also helpful to have a working understanding of networking, but setting the network configurations in Splunk is generally a matter of knowing which ports the network admins have assigned to you.

You don't need to know any programming language at all to use or administer Splunk. You can write scripts for Splunk to execute, but this is entirely optional. It can be useful to write simple scripts to automate the installation of Splunk across a large number of servers, but sample scripts exist in the documentation and on the forums.

Splunk does not need any deep integration with the OS/server where it is installed. It uses standard filesystems and does not require special privileges to run. On a Linux box, you need to be able to set ulimits and to disable Transparent Huge Pages. Besides that, all you need (on any platform) is the ability to create, manage and secure files and directories. Pretty basic stuff.

A working knowledge of regular expressions is very useful, especially for a Splunk administrator. There are tools that can help, but your mind can create a better regex than any tool, if you have a good understanding of your data.

Learn Splunk. Take the tutorials. Watch the videos. Read the manuals. Practice doing what the tutorials and manuals suggest.
Take a class, or several. (Disclaimer: I teach classes for Splunk.)

Once you actually have practical Splunk skills (and even before), you can get a huge benefit from attending the Splunk annual conference, called .conf.
If you can't attend .conf, you can watch many of the presentations and download slides from past years. Go to conf.splunk.com

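The answer above names two Linux prerequisites, ulimits and Transparent Huge Pages, without showing how to verify them. The following POSIX shell pre-flight script is an added example, not code from the original thread or from Splunk. The open-file threshold of 64000 and the requirement that THP be set to "never" are assumptions to be checked against the current Splunk system-requirements documentation; the function names and the constructed sysfs strings in the comments are mine.

```shell
#!/bin/sh
# Pre-flight check for a Linux host before installing Splunk Enterprise.
# Added example for this thread, not Splunk's own tooling. The thresholds below
# are ASSUMPTIONS: confirm them against the current Splunk system requirements.

NOFILE_MIN=64000   # assumed minimum value for 'ulimit -n'

# thp_state STRING
# Given the contents of /sys/kernel/mm/transparent_hugepage/enabled, which
# looks like "always madvise [never]", print the bracketed (active) value.
thp_state() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# nofile_ok LIMIT
# Return 0 if LIMIT (the output of 'ulimit -n') is "unlimited" or a number
# greater than or equal to NOFILE_MIN; anything non-numeric is a failure.
nofile_ok() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$NOFILE_MIN" ]
}

# preflight
# Read the live values on this host and report each one. Returns 0 only if
# every check that could be evaluated passed.
preflight() {
    rc=0
    thp_file=/sys/kernel/mm/transparent_hugepage/enabled
    if [ -r "$thp_file" ]; then
        state=$(thp_state "$(cat "$thp_file")")
        if [ "$state" = "never" ]; then
            echo "OK   transparent hugepages are disabled"
        else
            echo "FAIL transparent hugepages are '$state'; set them to never (boot parameter or a tuned profile)"
            rc=1
        fi
    else
        echo "SKIP $thp_file not present (not Linux, or THP not built into this kernel)"
    fi

    limit=$(ulimit -n)
    if nofile_ok "$limit"; then
        echo "OK   open-file limit for this shell is $limit"
    else
        echo "FAIL open-file limit is $limit; need at least $NOFILE_MIN (limits.conf or systemd LimitNOFILE for the splunk user)"
        rc=1
    fi
    return $rc
}

# Run the live check only when invoked as:  sh splunk_preflight.sh run
# so the functions can also be sourced and reused from other scripts.
[ "${1:-}" = "run" ] && preflight
```

Run it as the account that will own the Splunk installation (the limits are per user), since `ulimit -n` reports the calling shell's soft limit, not the value the service unit or limits.conf will apply to a different user.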

chskm
Path Finder

Thanks for the information. Currently I am working as a Splunk administrator and got certified as an admin recently. Once again, thank you so much.
