Resources for learning Splunk
I started using Splunk half a year ago. So far, I’ve got Splunk Admin and a few other partner accreditations, like Sales Engineer 1. Currently I’m preparing for the Splunk Architect Exam/Lab. For me, the best place to learn Splunk is the official documentation.
It is a good idea to check Splunk’s best practices doc, because sometimes admins develop their own “best practices” and that can be suboptimal.
Other places to look: Answers, the Stack Overflow-like site. Some answers are pure gems 1, 2. Questions are answered by experts and Splunk employees. As a reward, every year they award the best of the best with tickets to .conf.
.conf is an annual conference where Splunk announces new features and experts give talks on different subjects, from monitoring to security. Almost all talks are recorded and have slides shared. As expected, there is an app for the conference. My daily routine includes watching a random talk (this app needs a “random” button). Some of the talks 1, 2 are amazing and cover things that are not in the docs or courses.
Splunk offers free Fundamentals 1 and Fundamentals 2 (if you are a partner), which correspond to the Splunk User and Power User certifications. In my opinion these two are the best courses to get started fast. The Admin and Architect courses are OK. Starting Autumn 2018, Splunk will use PearsonVUE as the platform for certification.
There are also courses available on a partner portal, mainly for partner accreditations.
Splunk 7 Essentials is a good overview of the platform.