Use this quick start guide to collect all the information about the Splunk Core Advanced Power User (SPLK-1004) certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the SPLK-1004 Splunk Core Certified Advanced Power User exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of the exam. You should read this guide carefully before attempting your actual Splunk Core Advanced Power User certification exam.
The Splunk Core Advanced Power User certification is mainly targeted at candidates who want to build their career in the Cloud domain. The Splunk Core Certified Advanced Power User exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Splunk Core Advanced Power User.
Splunk Core Advanced Power User Exam Summary:
Exam Name | Splunk Core Certified Advanced Power User |
Exam Code | SPLK-1004 |
Exam Price | $130 (USD) |
Duration | 60 mins |
Number of Questions | 70 |
Passing Score | 700/1000 |
Books / Training | Core Certified Advanced Power User Learning Path |
Schedule Exam | Pearson VUE |
Sample Questions | Splunk Core Advanced Power User Sample Questions |
Practice Exam | Splunk SPLK-1004 Certification Practice Exam |
Splunk SPLK-1004 Exam Syllabus Topics:
Topic | Details | Weights |
---|---|---|
Exploring Statistical Commands | Performing statistical analysis with stats function; Using fieldsummary; Using appendpipe; Using count and list functions; Using eventstats; Using streamstats | 4% |
Exploring eval Command Functions | Using conversion functions; Using text functions; Using comparison and conditional functions; Using informational functions; Using statistical functions; Using makeresults command | 4% |
Exploring Lookups | Applying advanced lookup options; Including and excluding events based on lookup values; Using KV Store lookups; Using external lookups; Using geospatial lookups; Understanding best practices for lookups | 4% |
Exploring Alerts | Logging and indexing searchable alert events; Referencing lookups in alerts; Outputting alert results to a lookup; Using a webhook alert action; Creating a log event alert action | 4% |
Advanced Field Creation and Management | Identifying field extraction methods; Providing a regex expression to the Field Extractor to extract a field; Performing search time field extraction using the erex and rex commands; Understand how to improve regex performance in Splunk | 4% |
Working with Self-Describing Data and Files | Understanding self-describing data; Using the spath command; Using the eval command with the spath function; Using the multikv command | 3% |
Advanced Search Macros | Using nested search macros; Previewing search macros before executing; Using other knowledge objects with macros | 3% |
Using Acceleration Options: Reports and Summary Indexing | Describing acceleration; Identifying which reports qualify for acceleration; Identifying when Splunk doesn’t build an acceleration summary; Accelerating a report; Using the Report Acceleration Summaries and Summary Detail pages; Understanding summary indexing; Using the summary indexing transforming commands; Defining searching against a summary; Understanding how to handle gaps and overlaps in summary indexes | 4% |
Using Acceleration Options: Data Models and tsidx Files | Exploring data models using the datamodel command; Understanding data model acceleration; Accelerating data models; Understanding tsidx files; Working with tsidx files using tstats commands; Using tstats to search accelerated data models; Determining which acceleration option to use | 4% |
Using Search Efficiently | Splunk architecture components; Search flow; Streaming commands; Transforming commands; Command ordering; Job inspector | 4% |
More Search Tuning | Pre-filtering search data; Lispy and boolean operators; Lispy and wildcards; Using the TERM directive | 3% |
Manipulating and Filtering Data | bin command; xyseries command; untable command; foreach command; strftime function | 6% |
Working with Multivalued Fields | Multivalued fields; Some multivalued eval functions; makemv command; mvexpand command | 7% |
Using Advanced Transactions | Evaluating events to create transactions; Handling common values/different field names; An alternative to coalesce; Identifying complete vs. incomplete transactions; Making transactions more efficient; stats and transactions | 5% |
Working with Time | Using time effectively; What are the default time fields | 2% |
Using Subsearches | Filtering through many results; Subsearch caveats; When to use subsearch; When NOT to use subsearch; Troubleshooting subsearches; append command | 6% |
Creating a Prototype | Define simple XML syntax for views; Use best practices for creating views; Troubleshooting views | 4% |
Using Forms | Explain how tokens work; Use tokens with form inputs; Create cascading inputs; Define types of token filters | 5% |
Improving Performance | Identify ways to improve dashboard performance; Use the tstats command; Create base and post-process searches | 6% |
Customizing Dashboards | Customize chart and panel properties; Set panel refresh and delay times; Disable search access features; Create event annotations | 6% |
Adding Drilldowns | Define types of drilldowns; Identify predefined tokens; Create dynamic drilldowns | 7% |
Adding Advanced Behaviors and Visualizations | Identify types of event handlers; Define event actions; Create contextual drilldowns; Use simple XML Extensions | 5% |
To ensure success in the Splunk Core Advanced Power User certification exam, we recommend an authorized training course, a practice test and hands-on experience to prepare for the Splunk Core Certified Advanced Power User (SPLK-1004) exam.