Splunk Core Certified Advanced Power User Practice Exam

Splunk Core Certified Advanced Power User demonstrates heightened proficiency in complex searching and reporting, advanced utilization of knowledge objects, as well as effective practices for creating dashboards and forms. This certification empowers individuals to generate sophisticated searches, reports, and dashboards, thereby expanding their capabilities in leveraging organizational data.

Exam Prerequisites:

• Candidates must hold Splunk Core Certified Power User certification.
  

Who should take this exam?

The Splunk Core Certified Advanced Power User certification is designed for individuals aiming to elevate their Power User skills to an advanced level. It signifies proficiency in creating highly efficient searches, constructing optimal dashboards, and maximizing the potential of Splunk Cloud or Splunk Enterprise deployments. This includes:

• Rising star
• Competitive job seeker
• Future consultant

Exam Details

• Exam Name: Splunk Core Certified Advanced Power User
• Exam Languages: English
• Exam Questions: 70 Questions
• Time: 60 minutes
• Price: $130 USD

Exam Course Outline 

The Splunk Core Certified Advanced Power User Exam covers the given topics  - 

Topic 1: Exploring Statistical Commands 4%

1.1 Performing statistical analysis with stats function

1.2 Using fieldsummary

1.3 Using appendpipe

1.4 Using count and list functions

1.5 Using eventstats

1.6 Using streamstats

Topic 2:  Learn about Exploring eval Command Functions 4%

2.1 Using conversion functions

2.2 Using text functions

2.3 Using comparison and conditional functions

2.4 Using informational functions

2.5 Using statistical functions

2.6 Using makeresults command

Topic 3: Exploring Lookups 4%

3.1 Applying advanced lookup options

3.2 Including and excluding events based on lookup values

3.3 Using KV Store lookups

3.4 Using external lookups

3.5 Using geospatial lookups

3.6 Understanding best practices for lookups

Topic 4: Understand Exploring Alerts 4%

4.1 Logging and indexing searchable alert events

4.2 Referencing lookups in alerts

4.3 Outputting alert results to a lookup

4.4 Using a webhook alert action

4.5 Creating a log event alert action

Topic 5:  Learn about Advanced Field Creation and Management 4%

5.1 Identifying field extraction methods

5.2 Providing a regex expression to the Field Extractor to extract a field

5.3 Performing search time field extraction using the erex and rex commands

5.4 Understand how to improve regex performance in Splunk

Topic 6:  Working with Self-Describing Data and Files 3%

6.1 Understanding self-describing data

6.2 Using the spath command

6.3 Using the eval command with the spath function

6.4 Using the multikv command

Topic 7: Understand Advanced Search Macros 3%

7.1 Using nested search macros

7.2 Previewing search macros before executing

7.3 Using other knowledge objects with macros

Topic 8: Using Acceleration Options: Reports and Summary Indexing 4%

8.1 Describing acceleration

8.2 Identifying which reports qualify for acceleration

8.3 Identifying when Splunk doesn’t build an acceleration summary

8.4 Accelerating a report

8.5 Using the Report Acceleration Summaries and Summary Detail pages

8.6 Understanding summary Indexing

8.7 Using the summary indexing transforming commands

8.8 Defining searching against a summary

8.9 Understanding how to handle gaps and overlaps in summary indexes

Topic 8: Using Acceleration Options: Data Models and tsidx Files 4%

9.1 Exploring data models using the datamodel command

9.2 Understanding data model acceleration

9.3 Accelerating data models

9.4 Understanding tsidx files

9.5 Working with tsidx files using tstats commands

9.6 Using tstats to search accelerated data models

9.7 Determining which acceleration option to use

Topic 10: Using Search Efficiently 4%

10.1 Splunk architecture components

10.2 Search flow

10.3 Streaming commands

10.4 Transforming commands

10.5 Command ordering

10.6 Job inspector

Topic 11: Understand More Search Tuning 3%

11.1 Pre-Filtering search data

11.2 Lispy and boolean operators

11.3 Lispy and wildcards

11.4 Using the TERM directive

Topic 12: Learn about Manipulating and FiIltering Data 6%

12.1 bin command

12.2 xyseries command

12.3 untable command

12.4 foreach command

12.5 strftime function

Topic 13: Working with Multivalued Fields 7%

13.1 Multivalued fields

13.2 Some multivalued eval functions

13.3 makemv command

13.4 mvexpand command

Topic 14: Learn about Using Advanced Transactions 5%

14.1 Evaluating events to create transactions

14.2 Handling common values/different field names

14.3 An alternative to coalesce

14.4 Identifying complete vs. incomplete transactions

14.5 Making transactions more efficient

14.6 stats and transactions

Topic 15: Working with Time 2%

15.1 Using time effectively

15.2 What are the default time fields

Topic 16: Using Subsearches 6%

16.1 Filtering through many results

16.2 Subsearch caveats

16.3 When to use subsearch

16.4 When NOT to use subsearch

16.5 Troubleshooting subsearches

16.6 append command

Topic 17: Creating a Prototype 4%

17.1 Define simple XML syntax for views

17.2 Use best practices for creating views

17.3 Troubleshooting views

Topic 18: Using Forms 5%

18.1 Explain how tokens work

18.2 Use tokens with form inputs

18.3 Create cascading inputs

18.4 Define types of token filters

Topic 19: Improving Performance 6%

19.1 Identify ways to improve dashboard performance

19.2 Use the tstats command

19.3 Create base and post-process searches

Topic 20: Customizing Dashboards 6%

20.1 Customize chart and panel properties

20.2 Set panel refresh and delay times

20.3 Disable search access features

20.4 Create event annotations

Topic 21: Adding Drilldowns 7%

21.1 Define types of drilldowns

21.2 Identify predefined tokens

21.3 Create dynamic drilldowns

Topic 22: Adding Advanced Behaviors and Visualizations 5%

22.1 Identify types of event handlers

22.2 Define event actions

22.3 Create contextual drilldowns

22.4 Use simple XML extensions