Learn Splunk - Tips, Hacks and Resources

Learning anything new takes time, patience and perseverance. That said, Splunk has one of the lowest entry thresholds I’ve experienced. Set yourself up to succeed and before you know it you will be Splunking like the pros. Here are my top tips to learn Splunk.

1. Work Out What You Want to Learn

Start with the end in mind. Whenever you learn something new, whether it be cooking or coding, you need to know your end game.

  • Do you want to be a kick ass developer and make visualisations or Splunk apps?
  • Is your goal to be an awesome power user and make efficient searches?
  • Do you want to build business cases and analyse your business's data?
  • Do you want to learn Splunk so you can build exec dashboards?

Make a list of the things you want to learn and focus on knocking them off one at a time.

2. Muscle memory = mind memory

Years ago when I was learning to code, I put aside every Friday afternoon as learning time. I’d work away for a few hours and then beer o’clock would strike. I found that once a week wasn’t enough. The concepts were fine but I’d forget the syntax (I blame the beer). But it had more to do with repetition and familiarity. You have to do the same thing repeatedly until it becomes second nature. I changed my approach. Every morning I would get up and spend my first half hour of the day focused on learning. Even though I wasn’t spending any more time on it than before, finally things started to stick. Make time; book it in like you would a meeting.

3. Start Small

When learning Splunk you want to start small and build on what you already know. This may seem obvious, but you will stay motivated if you have a starting point that you are familiar with. Do you have some machine data you understand? Are you an app owner who wants to learn about how your users are using your app? Pick something that you understand and build on from there.

4. Create – Real life examples

Nothing gets you budget better than solving a real life problem. Nothing sticks in your mind better than solving that million dollar use case. Forget Ninjas, be a superhero by creating value and solving the “unsolvable” problems. App Assembly customers often quip that this is too hard, yet a day or so later we deliver the solutions to their “unsolvable” problems. Thanks, Splunk.

5. Remove the Jargon

Jargon – “Language used to keep out those who are not like “us” whomever “us” may be.”

Jargon and acronyms can be a real barrier to learning new technology. To a newb all those fancy acronyms mean nothing.

Tackle them by creating your own cheat sheet or glossary. If you write the definition in your own terms things will start to make more sense. Here is mine to get you started.

If you are having trouble with this, read a few blogs (shameless self promotion… hehe) or go to the user forums to hear other people describing their experiences. This will often help you pick up tips, and the jargon level will vary in the posts.

6. Set yourself up to succeed.

Download Splunk; it is free. Make sure you set your environment up properly and check that it works. Troubleshooting a technology you don’t know is near impossible, and an additional struggle you don’t need. Work on a clean system, use virtual machines, or newly built hardware if possible. Always avoid running on just the minimum system specs, so the system will run comfortably.

7. Find a Mentor

I have been blessed with some great mentors over the years. My first mentor was super busy and at first I was reluctant to ask for guidance, but he sat me down over coffee one day and explained that if he teaches me the basics then he can hand over the boring stuff to me. Win-win, right? Let’s just say I never felt bad about going to him again.

Mentors are great; they can get you on track if you lose your way, they can help you clarify your thinking, you can throw ideas around with them, and most importantly they keep you motivated when you’re feeling like you will never get there. They were where you are once too.

If you can’t find a mentor then turn to the community. Join the Splunk group on LinkedIn. Network at Splunk Live. Join a local Splunk User Group. Get involved on Splunk Answers.

8. Read/Watch/Listen/Play

Everyone has their own style of learning. What’s yours?

Technical books are wonderful things, chock-full of jargon, examples and usually upwards of 500 pages long. On top of that they are the best treatment for insomnia. Don’t get me wrong, technical books are awesome, but they are just one of the options available.

We learn by reading, hearing, touching and doing. Make sure you mix it up.

  • Download Splunk and set up a sandbox environment
  • Read books, blogs and technical documents
  • Do tutorials
  • Watch YouTube videos and listen to podcasts
  • Do formal courses (the Splunk ones are awesome)
  • Download other people's apps and check out the source code to see how they work
  • Look at the XML code
  • Play with examples that other people have created
  • Most importantly, just get in and have a go

Awesome Resources to Help You Learn Splunk

Books and Doco
Courses
  • Splunk Education (there are a few free ones to get you started)
    The courses cover a full range of topics from beginner to architect.
Community
Videos and Podcasts
Splunk & Sample Apps

These are my top tips and resources. Got any you’d like to add? Put them in the comments below.
