Splunk is gaining tremendous traction in the market due to its ability to harness the value of machine data. The idea here is to highlight a few reasons for such success: free-access and community driven approaches.

Being familiar with the ways in which knowledge can be freely attained is a great advantage. Coupled with your curiosity, pretty much nothing more is needed to become an independent learner these days.

Below you will find the main references I’ve been using to learn Splunk and get up to speed with this great technology.

Splunk Platform: Free, Easy Access

Splunk provides free access to its flagship product, Splunk Enterprise. Users evaluating the product can also get a free, perpetual license. That means no initial costs for installing and evaluating most of its primary capabilities.

For developers, there is also a developer license which enables up to 10GB a day for data indexing.

TLDR? Just hit Play!

Besides the excellent Just Ask campaign, the following short videos help showing Splunk’s benefits:

• Splunk Video: What Is Machine Data?
• Why Splunk?
• Splunk For Security Vs. SIEM

Are you looking for more technical stuff, easy to follow and digest? Below is a YouTube playlist with demo-like lessons available from Splunk’s channel:

• Splunk Education: Tutorials & “How To’s” (start from bottom-up)
• Creating Dashboards in Splunk Enterprise 6
• Creating Pivot Reports in Splunk Enterprise 6
• Getting Data from Windows into Splunk Enterprise 6
• Splunk field extraction 6.x

Besides, if you are an Infosec pro, don’t forget to check the current Security related apps at the portal. Aside from that, below you will find a few videos that might trigger inspiration for further research and ideas:

• New Paradigm for Today’s Cyber Threat Defense (NASDAQ’s CISO preso at 5th SplunkConf)
• Splunk Enterprise (SIEM): Splunk App for Enterprise Security 3.0 (Demo)
• Splunk as a Big Data Platform for Developers

Q&A Forum, IRC and Wiki

The Splunk Answers forum is really an important knowledge base, and here’s why:

• The discussions are around questions and answers, so entries tend to be clear and narrowed to a specific topic, often times matching an issue you are currently facing;
• Not only Splunk team members provide answers. It’s common to get responses from partners and, of course, the whole Splunk community, including end-users;
• Script/Code as well as images are allowed for easier understanding of a question or an answer. Top contributors are also awarded with points and badges to promote users interaction;
• There is a sort of rating to answers, so users can also rely on that for choosing where to start.

I was also surprised when I joined the IRC channel as several Splunk staff members (PS, Devel, Support) take part in the discussions there. Sometimes the answer not found via documentation, or a bug report might well be the subject of a quick chat.

Besides that, there is, of course, a Splunk Wiki! As it applies to other examples listed here, it’s also community driven so anyone is able to add and edit content.

Documentation Portal

Splunk provides a well organized documentation portal, which serves as a quick reference guide (e.g., search commands) and also enables you to learn about more advanced topics such as Distributed Deployment, or the Common Information Model Add-on Manual.

Also, there are some dedicated tutorials available such as the Search Tutorial. I am listing below some doc bookmarks that I am constantly querying on:

• Search Commands Reference (in this case, for stats command)
• Functions for eval and where
• Configuration File Reference

It’s worth noting most areas from the documentation portal are provided with a Comments section, from which the answer for your issue might be found, so always keep an eye on that.

UPDATE 9-Mar-15: Also, don’t forget to bookmark Splexicon, a documentation reference that defines technical terms that are specific to Splunk. Definitions include links to related information from the Splunk documentation.

Cheatsheets

For those Splunk Ninjas pros out there who love having those neat docs around, there are some cool versions available for Splunk as well. Some of them are listed below:

• Cheatsheets for Splunk

The Community Factor: BIG Win!

The community engagement is a huge win in respect to knowledge sharing and as a business strength. Simply setting up a web forum doesn’t enable community integration. In my opinion, here are some of the great initiatives Splunk has been carrying out to accomplish that:

• As shown above, the Splunk Answers, Wiki and IRC help users at any level using Splunk;
• Team Blog: here the Splunk teams are constantly writing blog posts about interesting stuff;
• Splunk Apps portal enables any user to share an app by storing it at Splunk’s cloud;
• For app development, there are several different SDKs and a REST API available;
• Splunk Apptitude is an online competition for developers looking for recognition (and prizes!);
• Splunk4Good extends Splunk’s corporate values in support of positive social impact and change;
• The Splunk Conference stats: 4k+ users, 70+ customers sessions and tons of takeaway ideas;
• Finally, there are a lot of cool Webinars and Podcasts available for learning more.

Missing something? Just let me know so I can add them here as well.