Splunk Core Certified Advanced Power User Practice Exam
About Splunk Core Certified Advanced Power User
The Splunk Core Certified Advanced Power User exam is the final step toward completion of the Splunk Core Certified Advanced Power User certification. This advanced certification exam evaluates a candidate’s knowledge and skills in more advanced searching and reporting commands, advanced use cases of knowledge objects, and best practices for building dashboards and forms.
A Splunk Core Certified Advanced Power User has a greater depth of knowledge and skills in complex searching and reporting commands, advanced use cases of knowledge objects, and best practices for building dashboards and forms. This certification exam demonstrates an individual’s ability to generate complex searches, reports, and dashboards with Splunk’s core software to get the most out of their data.
Exam Prerequisite - Certification
- Splunk Core Certified Power User
Recommended Prerequisite - Courses
Candidates for this exam are recommended to complete the lecture, hands-on labs, and quizzes that are part of the:
- Fundamentals 3 Course
- Creating Dashboards with Splunk Course
- Advanced Searching and Reporting Course
Learning Skills / Important Areas
The following content areas are general guidelines for the content to be included on the exam:
- Advanced statistics and eval commands
- Advanced lookup topics
- Advanced alert actions
- Using regex and erex to extract fields
- Using spath and multikv to work with self-referencing data
- Creating nested macros
- Accelerating reports and data models
- Splunk search process
- Creating more efficient searches
- Using subsearches
- Additional statistical commands and functions
- Formatting and calculating results
- Charting commands and options
- Correlating events
- Simple XML
- Tokens
- Base Searches
- Dynamic Drilldowns
- Event Handlers
- Simple XML Extensions
Course Structure
The Splunk Core Certified Advanced Power User Exam covers the following topics:
1. Exploring Statistical Commands (4%)
1.1 Performing statistical analysis with stats function
1.2 Using fieldsummary
1.3 Using appendpipe
1.4 Using count and list functions
1.5 Using eventstats
1.6 Using streamstats
2. Exploring eval Command Functions (4%)
2.1 Using conversion functions
2.2 Using text functions
2.3 Using comparison and conditional functions
2.4 Using informational functions
2.5 Using statistical functions
2.6 Using makeresults command
3. Exploring Lookups (4%)
3.1 Applying advanced lookup options
3.2 Including and excluding events based on lookup values
3.3 Using KV Store lookups
3.4 Using external lookups
3.5 Using geospatial lookups
3.6 Understanding best practices for lookups
4. Exploring Alerts (4%)
4.1 Logging and indexing searchable alert events
4.2 Referencing lookups in alerts
4.3 Outputting alert results to a lookup
4.4 Using a webhook alert action
4.5 Creating a log event alert action
5. Advanced Field Creation and Management (4%)
5.1 Identifying field extraction methods
5.2 Providing a regex expression to the Field Extractor to extract a field
5.3 Performing search time field extraction using the erex and rex commands
5.4 Understand how to improve regex performance in Splunk
6. Working with Self-Describing Data and Files (3%)
6.1 Understanding self-describing data
6.2 Using the spath command
6.3 Using the eval command with the spath function
6.4 Using the multikv command
7. Advanced Search Macros (3%)
7.1 Using nested search macros
7.2 Previewing search macros before executing
7.3 Using other knowledge objects with macros
8. Using Acceleration Options: Reports and Summary Indexing (4%)
8.1 Describing acceleration
8.2 Identifying which reports qualify for acceleration
8.3 Identifying when Splunk doesn’t build an acceleration summary
8.4 Accelerating a report
8.5 Using the Report Acceleration Summaries and Summary Detail pages
8.6 Understanding summary indexing
8.7 Using the summary indexing transforming commands
8.8 Defining searching against a summary
8.9 Understanding how to handle gaps and overlaps in summary indexes
9. Using Acceleration Options: Data Models and tsidx Files (4%)
9.1 Exploring data models using the datamodel command
9.2 Understanding data model acceleration
9.3 Accelerating data models
9.4 Understanding tsidx files
9.5 Working with tsidx files using tstats commands
9.6 Using tstats to search accelerated data models
9.7 Determining which acceleration option to use
10. Using Search Efficiently (4%)
10.1 Splunk Architecture Components
10.2 Search flow
10.3 Streaming Commands
10.4 Transforming Commands
10.5 Command Ordering
10.6 Job Inspector
11. More Search Tuning (3%)
11.1 Pre-Filtering Search Data
11.2 Lispy and Boolean Operators
11.3 Lispy and Wildcards
11.4 Using the TERM directive
12. Manipulating and Filtering Data (6%)
12.1 bin Command
12.2 xyseries Command
12.3 untable Command
12.4 foreach Command
12.5 strftime Function
13. Working with Multivalued Fields (7%)
13.1 Multivalued Fields
13.2 Some multivalued eval Functions
13.3 makemv Command
13.4 mvexpand Command
14. Using Advanced Transactions (5%)
14.1 Evaluating Events to Create Transactions
14.2 Handling Common Values/Different Field Names
14.3 An alternative to coalesce
14.4 Identifying Complete vs. Incomplete Transactions
14.5 Making Transactions More Efficient
14.6 stats and Transactions
15. Working with Time (2%)
15.1 Using Time Effectively
15.2 What are the Default Time Fields
16. Using Subsearches (6%)
16.1 Filtering Through Many Results
16.2 Subsearch Caveats
16.3 When to Use Subsearch
16.4 When NOT to Use Subsearch
16.5 Troubleshooting Subsearches
16.6 append Command
17. Creating a Prototype (4%)
17.1 Define simple XML syntax for views
17.2 Use best practices for creating views
17.3 Troubleshooting views
18. Using Forms (5%)
18.1 Explain how tokens work
18.2 Use tokens with form inputs
18.3 Create cascading inputs
18.4 Define types of token filters
19. Improving Performance (6%)
19.1 Identify ways to improve dashboard performance
19.2 Use the tstats command
19.3 Create base and post-process searches
20. Customizing Dashboards (6%)
20.1 Customize chart and panel properties
20.2 Set panel refresh and delay times
20.3 Disable search access features
20.4 Create event annotations
21. Adding Drilldowns (7%)
21.1 Define types of drilldowns
21.2 Identify predefined tokens
21.3 Create dynamic drilldowns
22. Adding Advanced Behaviors and Visualizations (5%)
22.1 Identify types of event handlers
22.2 Define event actions
22.3 Create contextual drilldowns
22.4 Use simple XML extensions
Exam Pattern
- Exam Name: Splunk Core Certified Advanced Power User
- Number of Questions: 70 Questions
- Length of Time: 60 minutes
- Exam Language: English
What do we offer?
- Full-length mock test with unique questions in each test set
- Practice objective questions with section-wise scores
- An in-depth and exhaustive explanation for every question
- Reliable exam reports evaluating strengths and weaknesses
- Latest Questions with an updated version
- Tips & Tricks to crack the test
- Unlimited access
What are our Practice Exams?
- Practice exams have been designed by professionals and domain experts to simulate a real-time exam scenario.
- Practice exam questions have been created on the basis of content outlined in the official documentation.
- Each set in the practice exam contains unique questions built with the intent to give candidates a real-time experience and help them gain more confidence during exam preparation.
- Practice exams help candidates self-evaluate against the exam content and work towards building strength to clear the exam.
- You can also create your own practice exam based on your choice and preference.
100% Assured Test Pass Guarantee
We have built the TestPrepTraining Practice exams with a 100% unconditional and assured Test Pass Guarantee!
If you are not able to clear the exam, you can ask for a 100% refund.