Just to be transparent, outside of Splunk I hold no relevant certifications. As a whole they are helpful as they help create shated vocabulary and baselines, but I would say for those of us not in the aforementioned positions primarily use them as an imperfect check that you didn't miss a sifnificant piece of knowledge when learning. If you are trying to break into the field, need a security clearance, or work providing services to others then likely there is value in some certifications. I also find resumes to be poor indicators of who is a quality applicant. Some of the best people I have worked with have had none and I've worked with lots of people who had them but only could contribute superficially. Today it's an issue and even if you look at the Splunk produced content you see these issues and worse you see examples of them incorrectly using fillnull to address the by clause issue* My hope is that with SPL2 and splunk parsing to an abstract syntaxes tree that they will start displaying warnings as IMHO that is the best way to handle this.
Or most searches don't realize that stats can be a filtering command as any record with a null value in the by clause will be silently dropped. People miss that most uses of dedup (any where data is used that isn't always identical for the value of the fields listed in the dedup) can return different sets of data something really not good for reporting or alerting.
Splunk certs how to#
To be honest, what I have seen of their training (I went through before the user and power user certifications but I have had colleagues go through) they only teach you the very basics of how to use Splunk. As someone who has a number of Splunk certifications, they're training nor certifications are along what you outlined.
0 kommentar(er)
