Splunk® IT Essentials Learn

Use Splunk IT Essentials Learn

Investigate procedures in Splunk IT Essentials Learn

Splunk IT Essentials Learn offers out-of-the-box procedures for a variety of common IT use cases. The procedures provide a starting point to start ingesting your data into Splunk Enterprise and monitoring useful metrics within your environment. Go to the Investigate tab to see the available procedures.

The following use cases are currently available in Splunk IT Essentials Learn:

  • Application
    • Application
    • Web Servers
  • Cloud Infrastructure
    • AWS
    • Azure
    • GCP
    • VMware
  • Database
    • Database Wire Data
  • Network
    • Firewall
    • Routers and Switches
  • Server and OS
    • Unix and Linux
    • Windows
  • Storage
    • Isilon


Each use case contains a variety of relevant procedures.

"Screenshot of the IT Essentials Learn procedures.

IT maturity journey stages

All procedures are ranked on a scale of 1-4 based on their IT maturity stage.

Stage Description
(1) Descriptive Looks at data descriptively and tells you what happened in the past. These procedures can help you understand how certain components are performing by providing context to help stakeholders interpret information.
(2) Diagnostic Helps you understand why something happened in the past. Diagnostic analysis is often referred to as root cause analysis.
(3) Predictive Predicts what is most likely to happen in the future by considering key trends and patterns.
(4) Prescriptive Recommends actions you can take to affect outcomes. These procedures suggest various courses of action and outline what the potential implications would be for each.

The Investigate page displays the available procedures along with their maturity levels. Use the available filters to filter by IT maturity journey stage, data source, or whether the procedure is marked as a favorite or deployed.

Investigate a procedure

Each procedure in Splunk IT Essentials Learn contains useful information to help you get your data into Splunk Enterprise and start deploying it. In most cases, you get the live data into your instance by installing and configuring the appropriate Splunk add-on. Each procedure lists the Splunk add-ons required to ingest the proper data along with links to Splunkbase to download and install them. The How to implement tab provides instructions to implement the procedure, as well as links to useful content and troubleshooting information.

All procedures contain a demo data search so you can preview how the corresponding visualization looks, as well as a live data search you can run on your own data once you've ingested it using add-ons. The searches include SPL descriptions showing why they use each search command.

Favorite and deploy procedures

Splunk IT Essentials Learn gives you control of your own IT journey. Use the Favorited option to highlight the procedures that are interesting or relevant to your business case, and then work through those procedures over time. Consider favoriting procedures at all levels so you can set incremental goals.

Use the Mark as Deployed option to record your progress toward IT maturity. Mark a procedure as deployed once you've successfully onboarded your own data using the add-ons and deployed the live data search as a dashboard in your global Splunk environment. By marking procedures as deployed you can use the My Progress page to track your exploration of IT Essentials procedures. For more information about the visualizations on the My Progress page, see Track your progress in Splunk IT Essentials Learn.

Last modified on 03 July, 2024
  Track your progress in Splunk IT Essentials Learn

This documentation applies to the following versions of Splunk® IT Essentials Learn: 1.1.8


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters