I Passed the Splunk Core Certified User SPLK-1001 Exam


Last week I took and passed the Splunk Core Certified User SPLK-1001 exam. This was a certification I got for my new job as a SOC analyst.

This is just a quick post to share what study materials I used, some things you should know if you plan to take this exam, and how I feel about the exam. Like every exam I have taken, I felt unprepared but still managed to pass. You get 57 minutes for this exam but there are only 60 questions. This was plenty of time for me. There is a lot about this exam that is unknown. On a CompTIA exam they would let you know how many points you would need to pass an exam. I was never able to find how many points are needed or what percentage of questions need to be answered correctly to pass the exam. Even after I took the exam they did not share how many points I scored or a percentage of how many questions were correct. I only got a piece of paper that congratulated me for passing and gave me some instructions for redeeming a badge on Credly.

My study strategy was mostly the same as when I got the Security+. I used video courses, quizzes and flashcards. You can read that blog post here. I was also able to learn from co-workers and use Splunk at work to learn as well. If you have any questions about it, feel free to send me a question on Twitter.

Here is everything I used to study for the exam:

Splunk Fundamentals 1 - There was a time you could do this entire course for free, but they have broken it down into several sections, some being free and others being $500.


Splunk Core Certified User Blueprint (PDF) - This is basically Splunk's version of exam objectives.


Flashcards from Quizlet


Splunk Exam: Splunk Core Certified User Certification 2021 - These are practice exams. I suggest waiting for them to go on sale.


Other useful links:

Splunk Certification Exam Study Guide (PDF)


Splunk Certification Candidate Handbook (PDF)