Didn't Pass Splunk User Exam

GeekyChickGeekyChick Posts: 308Member ■■■■□□□□□□
I just took the online Splunk Fundamentals class and read through the document they sent out. I thought I didn't need to prepare much for the test. How hard could a free test be? Well, it was a little harder than I thought. I do not have any Splunk experience. All I did was read the documents and do the labs they recommended. Well, I have to wait 5 days to retake the test. I got a 70% and needed 75%.

Anyone else take the test? I saw another thread that listed a few resources for Splunk training. Doesn't look like there is too much out there that is free.
«1

Comments

  • kabooterkabooter Posts: 115Member
    There are quite a few videos on youtube. Not sure if udemy has anything
  • McxRisleyMcxRisley Eye of Barad-dûr Posts: 435Member ■■■■□□□□□□
    I took the user exam a week ago and passed. The user test is MUCH harder than people think it will be, especially for it being an open book test. The answers to many of the questions asked will not be in the pdf document provided. Finding the answer will require more hands on experience with Splunk and carefully taking notes from the videos. I also started the power user course this week.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • GeekyChickGeekyChick Posts: 308Member ■■■■□□□□□□
    It was harder than I thought it would be. I have been studying for the CISSP and I thought I could cram this test in on the side. I'm kind of in a time crunch for CISSP but I needed to get the Splunk test done. I'll spend a little more time on Splunk so I can pass it this time. I signed up for a Splunk Udemy class too which seems fairly good so far.

    @McxRisley what do you think of the Power User course?
  • McxRisleyMcxRisley Eye of Barad-dûr Posts: 435Member ■■■■□□□□□□
    It is very good so far, it focuses more on the backend of Splunk than the user course did and gets A LOT deeper into more advanced commands and their usage. I am on module 7 of 15 right now, so I should be taking the exam next week. Also just so you are aware, the power user course is $2000 (it was free for me through my company).
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • cyberguyprcyberguypr Senior Member Posts: 6,590Mod Mod
    I would say that all courses are good. Some food for thought: the problem I keep seeing is that a lot of people go through the courses and then are failing to apply knowledge. My team is an early Splunk adopter (security analytics perspective) at my company and now that it has gone mainstream (in our company) we have tons of people that take the training and can't put two and two together after. They expect us to train them , do advanced queries, etc and that is time that simply does not exist for us. Practicing after taking the courses is ESSENTIAL. Do the cloud trial or download Splunk Light, deploy it, throw some data at it, and play around. Otherwise stuff fades away quickly.
  • GirlyGirlGirlyGirl Posts: 219Member
    GeekyChick wrote: »
    I just took the online Splunk Fundamentals class and read through the document they sent out. I thought I didn't need to prepare much for the test. How hard could a free test be? Well, it was a little harder than I thought. I do not have any Splunk experience. All I did was read the documents and do the labs they recommended. Well, I have to wait 5 days to retake the test. I got a 70% and needed 75%.

    Anyone else take the test? I saw another thread that listed a few resources for Splunk training. Doesn't look like there is too much out there that is free.

    Did you do the official Splunk course through Splunk or one of the other (101) Splunk training providers online?

    The official Splunk training comes with Splunk Enterprise. It is a 60 day or 90 day trial, I don't remember. Whatever the case, you have a plethora of labs that can be done with the course. Please tell me you used the Official Spunk training...

    What I will also say is some of the questions repeat themselves on the exam retakes.

    While I am here, what I suggest:
    1. It's an open book exam. Take notes. When I took the exam I just did a CTRL+ F and searched for keywords. I found a good portion of the answers in my notes.

    2. If you didn't take notes for an open book exam ........ Well, I will assume you took notes.

    Just go through whatever material you decide and take notes. My notes from the official material were a lifesaver..like the candy.
  • McxRisleyMcxRisley Eye of Barad-dûr Posts: 435Member ■■■■□□□□□□
    According to the rules, she would have had to of done the official Splunk training in order to take certification exam. Also the exam has changed recently from what I found online, it used to be 50 questions and now it is not. I found more answers in my notes from the videos than I did from the pdf document.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • GeekyChickGeekyChick Posts: 308Member ■■■■□□□□□□
    Yes, I did the Fundamentals class from Splunk's website. I did take notes and did only the labs from the Fundamentals class, which apparently wasn't enough for me. I was trying to cram it in before I start a new job. I thought how hard could a free test be. I tried to answer the questions on the test as much as I could from memory which wasn't a great idea. I won't do that next time.

    I did install Splunk and I remember from my class after 60 days it converts to a Free License. icon_wink.gif I do remember something.

    There's a lot more to Splunk than what I thought. I thought it might just be some regex, but it's so much more. I could see that it would be very useful and I kind of like it.
  • McxRisleyMcxRisley Eye of Barad-dûr Posts: 435Member ■■■■□□□□□□
    I did what most SANS people do and made an index of the pdf document so that I could quickly search it if I needed to. The same words are used hundreds of times in the document so simply doing ctrl+f isn't really going to work very well, especially when you have just over a minute to answer each question.

    Ya, Splunk is a VERY powerful tool. It has so much more capabilities than what most places use it for (log aggregation).
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • GeekyChickGeekyChick Posts: 308Member ■■■■□□□□□□
    McxRisley wrote: »
    I did what most SANS people do and made an index of the pdf document so that I could quickly search it if I needed to. The same words are used hundreds of times in the document so simply doing ctrl+f isn't really going to work very well, especially when you have just over a minute to answer each question.Ya, Splunk is a VERY powerful tool. It has so much more capabilities than what most places use it for (log aggregation).
    Thanks for the tip.
  • McxRisleyMcxRisley Eye of Barad-dûr Posts: 435Member ■■■■□□□□□□
    Wanted to drop in and give an update on the Power User course.I took the exam yesterday and passed. I actually found it to be a bit easier than the user exam, probably because I have a better grasp on the commands and how Splunk works now than I did when I took the user exam. Next up is the 2 admin courses.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • DatabaseHeadDatabaseHead Posts: 2,287Member ■■■■■■■■□□
    Looking at getting into Splunk. Networked with a director at my company and they like my SQL background and wanted to get me into Splunk reporting and analysis.

    I appreciate all the heads up. I told him I had no security certs, didn't matter. It would be a promo, going to check it out. PS thanks for all the good content.
  • GeekyChickGeekyChick Posts: 308Member ■■■■□□□□□□
    McxRisley wrote: »
    Wanted to drop in and give an update on the Power User course.I took the exam yesterday and passed. I actually found it to be a bit easier than the user exam, probably because I have a better grasp on the commands and how Splunk works now than I did when I took the user exam. Next up is the 2 admin courses.

    Congrats! That's good to know. How long did it take to study for the Power User? Did you do the online Splunk course? It looks like you pay for the course but the test is free, right? I'll be taking it eventually but I don't have time to do it right now.

    Happy to say, I passed the User exam on the second attempt. They make you wait 5 days and think about how dumb you were, I mean study. icon_wink.gif I got a 90%.
  • McxRisleyMcxRisley Eye of Barad-dûr Posts: 435Member ■■■■□□□□□□
    I'm not sure how the course fee and exam work for non-partners. I know that the Power User course is $2000 for a normal person. I took the online course and it took me about 2 weeks to go through all of the materials and do a bit of studying but I also kinda dragged my feet on it.

    I am signing up for the 2 admin courses today, which unlike the others you MUST attend virtually or in person to take. There are 2 courses that last 4.5 hours a day for 2 days each that you must complete before attempting the admin exam. I am hoping to have this all done within the next couple of weeks.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • DatabaseHeadDatabaseHead Posts: 2,287Member ■■■■■■■■□□
    McxRisley wrote: »
    I'm not sure how the course fee and exam work for non-partners. I know that the Power User course is $2000 for a normal person. I took the online course and it took me about 2 weeks to go through all of the materials and do a bit of studying but I also kinda dragged my feet on it.

    I am signing up for the 2 admin courses today, which unlike the others you MUST attend virtually or in person to take. There are 2 courses that last 4.5 hours a day for 2 days each that you must complete before attempting the admin exam. I am hoping to have this all done within the next couple of weeks.

    Gratz on the pass Geeky I know you have been working hard.

    McXRisley, that is dang expensive!
  • GeekyChickGeekyChick Posts: 308Member ■■■■□□□□□□
    Gratz on the pass Geeky I know you have been working hard.

    McXRisley, that is dang expensive!

    Thank you DBHead! I feel like all I do is study. BUT it paid off, I got a job doing cybersecurity. It's exactly what I want to do and I'm super-excited!

    @McXRisley - Thanks for the information. Congrats to you for getting to do all the courses and for your Power User cert!
  • McxRisleyMcxRisley Eye of Barad-dûr Posts: 435Member ■■■■□□□□□□
    So as of a couple of hours ago I just passed my Splunk Admin exam. This exam was much easier than the previous 2 for me just because I have a much better grasp on how the components work and how to configure everything in Splunk.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • TheFORCETheFORCE Posts: 2,224Member
    Are these Splunk exams free?
  • DatabaseHeadDatabaseHead Posts: 2,287Member ■■■■■■■■□□
    GeekyChick wrote: »
    Thank you DBHead! I feel like all I do is study. BUT it paid off, I got a job doing cybersecurity. It's exactly what I want to do and I'm super-excited!

    That's fantastic!
  • McxRisleyMcxRisley Eye of Barad-dûr Posts: 435Member ■■■■□□□□□□
    TheFORCE wrote: »
    Are these Splunk exams free?

    The user course and exam is the only one that is free to everyone, BUT the power user and admin courses/exam will cost you around $5500 if your company is not a Splunk Partner. Also, the courses have to be completed in order and require you to complete the labs before attempting the exam. So for example, you can not just take the admin course, you have to take the user and power user courses/exams first.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • TheFORCETheFORCE Posts: 2,224Member
    cool, thanks!
  • GettingThereSoonGettingThereSoon Posts: 19Member ■□□□□□□□□□
    Just passed 2 cert exams today...1st one is AWS Solution Architect - Associate in the morning, then 2nd one Splunk Certified User in the afternoon. The 45 questions in Splunk exam were much harder than the 35 questions in the course's final quiz. It is different from AWS exam that you can't go back to previous questions so no need to rush.

    The next exam coming up is the Splunk Certified Power User. Our company has the subscription, so it is "free" for us to take the course and the exam.

    Update (4/15/201icon_cool.gif: Passed Certified Power User exam today. Had about 10 min left when finishing last question. There were some tricky questions in the beginning (similar to the User exam) and got easier towards the end.
  • senthilnathan ganesansenthilnathan ganesan Posts: 1Registered Users ■□□□□□□□□□
    Hi All,

    I need to do Splunk certification and where I need to take the course online...
  • thedudeabidesthedudeabides Posts: 86Member ■■□□□□□□□□
    Didn't even know about this. I'll give it a go after I'm done with the cert I'm currently working on.
    2018 Goals: CCNP Route
    2019 Goals: CCNP Switch & TS
  • jamshid666jamshid666 Posts: 47Member ■■■□□□□□□□
    I just passed this exam about an hour ago. And, after passing it, I read the comments that it was open-book, so I could have scored higher had I known that. But, a pass is a pass, so I'm not going to worry about it. Now, on to Fundamentals II and the Splunk Power User certification.
    WGU BS - Network Operations and Security Estimated completion: May 2019
    Remaining courses: C846 (ITIL), C175 (OA), C779 (CIW Site Dev Associate), C768 (OA), C917 (CCDA), C176 (Project+), C849 (Cloud Essentials), C299 (CCNA-SEC), C850 (OA), C769 (Capstone)
    Active Certifications: A+, CCDA, CCNA-R&S, i-Net+, Network+, Security+, Server+, Splunk Certified User, VCP-DCV
    Expired Certifications: CCNP, LPIC-1, MCSERHCSE,
  • SplunkFreakSplunkFreak Posts: 3Registered Users ■□□□□□□□□□
    I have taken all the classes up through Architecting Splunk deployments, I have gotten the email to take the sys admin exam, so I am just brushing up on the Data Admin class before i take it, I hear it is 80% of the exam. but the power user exam was very hard lots of syntax questions. After I pass the Sys Admin cert, I will be taking the Implementation Fundamentals exam then I will be an Accredited Splunk Service engineer, after that I will be going to the Core Implementation class, then the Core Implementation exam, Then i will get Accredited Splunk Core Implementation cert, then will be the Consultants Fundamentals Course then the exam then finally I will get my Splunk Consultant 1 cert. and hopefully be done, I feel like i have been to college again!! ha!
  • SplunkFreakSplunkFreak Posts: 3Registered Users ■□□□□□□□□□
    that is funny I have been categorizing the pdf in a sqlite3 database from the pdf for faster reference with a b4j programing front-end with drop down boxes and data list
  • riccardoslriccardosl Posts: 5Member ■□□□□□□□□□
    I attempted the foundamentals 1 exam today aswell, didn't pass, much more difficult than expected and some experience is needed

    I'll try again after reviewing my lower topics
  • GeekyChickGeekyChick Posts: 308Member ■■■■□□□□□□
    riccardosl wrote: »
    I attempted the foundamentals 1 exam today aswell, didn't pass, much more difficult than expected and some experience is needed

    I'll try again after reviewing my lower topics

    It was harder than expected and I don't think the class prepared you for everything that was on the test. I bought a Udemy course and took that and practiced more on my own. A tip someone gave me about Splunk courses is that if they reference more material available in another place you should read it. Most courses aren't like that. I'm going to try that when I go on to Power User next. Best of Luck!
  • DillardoDillardo Posts: 4Registered Users ■□□□□□□□□□
    GeekyChick wrote: »
    It was harder than I thought it would be. I have been studying for the CISSP and I thought I could cram this test in on the side. I'm kind of in a time crunch for CISSP but I needed to get the Splunk test done. I'll spend a little more time on Splunk so I can pass it this time. I signed up for a Splunk Udemy class too which seems fairly good so far.

    @McxRisley what do you think of the Power User course?

    Which Udemy class did you go with? Did it help you pass?
«1
Sign In or Register to comment.