Book Image

Mastering Splunk

By : James D. Miller
Book Image

Mastering Splunk

By: James D. Miller

Overview of this book

Table of Contents (18 chapters)
Mastering Splunk
About the Author
About the Reviewers


To date, the Splunk community categorizes certifications by a generalized area discussed in the following sections.

Knowledge manager

A knowledge manager manages (and develops) knowledge objects. Knowledge managers might work at the project level, organization level, or practice level to manage:

  • Saved searches

  • Event types

  • Transactions

  • Tags

  • Field extractions and transformations

  • Lookups

  • Workflows

  • Commands

  • Views

A Splunk knowledge manager will have a deep understanding of Splunk, its user interfaces, the objective of each type of knowledge object, and so on. Knowledge managers must also look beyond personal use or a particular project, extending the Splunk environment, through the management of a Splunk knowledge object library.


As a Splunk administrator, you need to provide hands-on daily support of (perhaps) several Splunk installations, requiring hands-on knowledge of the best or proven practices and configuration techniques, and in addition, be able to construct and manage an organization's knowledge objects.


Splunk architects can design and create apps in Splunk. In addition, an architect needs to have both knowledge management experience and administration know-how. Additionally, architects need to be comfortable with large-scale deployments and an application's best practices for tasks such as forecasting, raw data collection, sizing, and documenting.

Supplemental certifications

Only available to Splunk partners, Splunk offers what is referred to as supplemental certification.

Splunk partners

Splunk offers partnerships that, if you wish, you can pursue based on your interests, such as:

  • Powered associate

  • Consulting partner

  • Development partner

  • Reseller partner

  • Service provider partner

  • Technology partner

Individuals or organizations who are Splunk partners can be sources of advice and useful information to you and your organization on your journey of mastering Splunk. In fact, you might want to target becoming a Splunk partner.

It is highly recommended that you establish an account at and log in regularly as a returning Splunker. On the website, you can find details on the partnering program or find an existing partner.

Proper training

As with other technologies, Splunk offers instructor-led classes. You can attend the "virtual classroom" or have the class presented at your location.

The complete Splunk curriculum is offered monthly, and all the classes consist of relevant, student-done exercises in:

  • Advanced users

  • Splunk (app) development

  • Administration

  • Architectural techniques

  • Security