Splunk Fundamentals II class (review)

--chris--

I just completed the 4 day "Fundamentals II" splunk class, I have yet to take the certification that goes with this class but feel I can describe the class pretty well to give others an idea of what you can expect.

Class delivery is 100% online, delivered with a live trainer. In my instance the trainer was formerly an internal splunk developer and REALLY knew this material inside and out. Instructor quality was top notch.

The class includes credentials to the splunk lab environment for the duration of the class, which is also populated with ~4 million events from their fictional company (Buttercup Games). The students are power users in this splunk app.

Each day was 4:30 hours of instruction, walk through and 2-3 labs. The educator does review labs (you save queries and output as reports or dashboards for this reason) and if they think you missed the mark they will ask you to re-do the lab in question. With that said on day 1 they do give you the complete class PDF and both of the lab manuals (one standard, one with answers). So you have to be lazy to screw up the labs....

Overall I would say I came out with way more knowledge than I went in with. Fundamentals II is where you learn some of the fun stuff, like workflows, automatically correlating events, and making searches dynamic (or triggered/based off from alerts and/or other searches).

Class topics:

1. Using transforming commands for visualizations
2. Filtering & Formatting SPL results
3. Correlating events ("Transaction" command)
4. Creating & Managing Custom Fields
5. Field Aliases, Calculated fields
6. Creating and using Macros
7. Workflows (GET & POST)
8. Creating data models/data model acceleration
9. Implementing CIM add-on for normalization
10. other things related to all of the above....

I will post an update once I take the "Power User" cert with my thoughts on that.

Edit: A tool to generate events for your Splunk lab:
https://splunkbase.splunk.com/app/1924/

nisti2

Thanks for sharing! How much cost the course?

GeekyChick

Thanks for the review and good luck on the test!

--chris--

nisti2 wrote: »

Thanks for sharing! How much cost the course?

I am not 100% certain. We were given X "credits" and told to sign up for Splunk classes.

cyberguypr

Most Splunk classes are between $1k-$2k.

McxRisley

Good luck on the exam! Have you already done the Fundamentals I course? and are you planning to pursue the admin courses?

jvrlopez

If you're a veteran, you can get free splunk training and certification all the way up to Power User:

https://workplus.splunk.com/veterans

That's $1000ish free when it comes to the training and exam...not to mention it's mandatory to become a certified splunk admin.

I passed the certified user before going through the power user..ran out of time when it came to test out of the level II course.

alias454

I just took the same course. (It may have even been the same instructor Richard?)

You can take the fundamentals 1 for free and the fundamentals 2 costs $2000 USD. My company had training credits so I was able to use those.
I would agree with everything Chris said. I started using Splunk daily as part of my new job about 5-6 months ago and still found value from the training so wasn't a waste.

GettingThereSoon

Just passed the Part 1 exam, see details below:

Just passed 2 cert exams today...1st one is AWS Solution Architect - Associate in the morning, then 2nd one Splunk Certified User in the afternoon. The 45 questions in Splunk exam were much harder than the 35 questions in the course's final quiz. It is different from AWS exam that you can't go back to previous questions so no need to rush.

The next exam coming up is the Splunk Certified Power User. Our company paid the subscription, so it is "free" for us to take the course and the exam.

--chris--

McxRisley wrote: »

Good luck on the exam! Have you already done the Fundamentals I course? and are you planning to pursue the admin courses?

Yes. Three more courses (Admin, Data Admin & Advanced Searching and Dashboards).

I am considering putting off the Advanced searching course until I have more seat time with the product since we are still in the development phase of the deployment and I only have my lab to work in.

--chris--

alias454 wrote: »

I just took the same course. (It may have even been the same instructor Richard?)

You can take the fundamentals 1 for free and the fundamentals 2 costs $2000 USD. My company had training credits so I was able to use those.
I would agree with everything Chris said. I started using Splunk daily as part of my new job about 5-6 months ago and still found value from the training so wasn't a waste.

Ha, no this was Chloe. I think Richard was a co-host on day 1 though because she had webex session issues.

jwdk19

jvrlopez wrote: »

If you're a veteran, you can get free splunk training and certification all the way up to Power User:

https://workplus.splunk.com/veterans

That's $1000ish free when it comes to the training and exam...not to mention it's mandatory to become a certified splunk admin.

I passed the certified user before going through the power user..ran out of time when it came to test out of the level II course.

Thank you for this info. I signed up. Going through the Splunk user training now and will then go through the Power User training.

Another site that provides free IT training for veterans is hireourheroes.org