Training + Certification Discussions

Is there an efficient way to learn Splunk?

dpadams
Communicator

I've used Splunk a couple of times now and end up evangelizing for it whenever I can. At the same time, I end up feeling pretty ignorant about Splunk most of the time. I'm often stumbling across features or hearing about them as part of an answer to a question. Case in point: I was just told about xyseries and stumbled across cdata.

Searhing through the docs and splunkbase, the materials and commentary are these features (and others) is often pretty thin. The docs I do find are usually well written and accurate - but thin. Am I missing something obvious? There doesn't seem to be a book about Splunk anywhere and yet there are clearly people that know every nook and cranny of the product.

Is there some maximally efficient way to learn Splunk? I've never found digging through other people's examples to work very well for me. Hoepfully, there's a huge manual somewhere that I've managed not to see.

Thanks for any advice or suggestions.

Tags (1)
1 Solution

carasso
Splunk Employee
Splunk Employee

The Splunk book is out.

The ePub (iPad, etc) version is available now, for free at http://splunkbook.com

The hard copy should be available in about 2 weeks at Amazon.

View solution in original post

ChrisG
Splunk Employee
Splunk Employee

See also the hungry newbie post.

vnakra_splunk
Splunk Employee
Splunk Employee

This is an old thread but gets a lot of views, so for completeness, here's a newer post with some newer resources. https://answers.splunk.com/answers/372126/are-there-any-other-online-collections-of-splunk-s.html

carasso
Splunk Employee
Splunk Employee

The Splunk book is out.

The ePub (iPad, etc) version is available now, for free at http://splunkbook.com

The hard copy should be available in about 2 weeks at Amazon.

lguinn2
Legend

Hi - Splunk can handle structured files, but that is not what it was designed for. Splunk was designed to handle large volumes of timestamped unstructured data, without a schema. As people apply Splunk to more & more use cases, needs like yours arise and Splunk is evolving to address a wider audience.
This community is hundreds of people who who are freely contributing their time to help others apply Splunk efficiently. Please let us know how we can help you.
And for the price you are paying, for the book and the help - it's a bargain!

0 Karma

NearlyNormal
New Member

The book misses the point that most Splunk documentation seems to be missing: the arcane art of importing data into Splunk.

Splunk seems to croak with simple CSV and TSV files, does not allow me any simple way (as even Excel does from 20 years ago) to indicate my column structure without the use of a dozen .cfg config files.

This is Chapter 2 in the book, a woeful half-attempt at anything useful. Merely asks us to download data from the book website and move on with "searching". Sorry, dear author, please spend a little time dealing with this in the next version.

0 Karma

araitz
Splunk Employee
Splunk Employee

I have heard some rumblings about a book, but nothing official....

0 Karma

dpadams
Communicator

I don't mind the sales pitch at all. While my main customer is a huge company in the US, I live in rural Australia. Sydney is about 6 hours away and Melbourne around 11 hours. A big town around here is anything around 9,000 people and up. So. I'm keen on on-line resources 😉 I would love to attend a Splunk conference if I can find the time and money.

Is anyone planning a Splunk book?

mikelanghorst
Motivator

As far as finding new commands, listening to the SplunkTalk podcast even some of their long term SE's still stumble upon features they didn't know about. So I wouldn't be surprised to keep finding new commands, even though it's 4.x it's still a fast moving product. I've always thought their docs were pretty complete and as long as I didn't go in expecting it to mean something it's been pretty clear as well.

0 Karma

splunk4all
New Member

Is there an updated version of the book? I would really like to learn/use the product.

0 Karma

lguinn2
Legend

Sorry, I just had to comment, hope it wasn't too much of a sales pitch

0 Karma

lguinn2
Legend

I am a Splunk instructor, so I am biased. We offer great online classes with live instructors & hands-on labs. See Splunk Education http://www.splunk.com/view/education/SP-CAAAAH9

Both the Using Splunk class & the Searching and Reporting class are packed with Splunk features and commands

There are also videos; most are short, so they can only get into one topic at a time. http://www.splunk.com/videos

Another free resource is Splunk Live; we have events around the country. They usually have informal training from a splunk expert

Finally, attend Splunk .conf in Las Vegas September 2012!

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...