EntryVendor-specificSplunk· issued from US

Splunk Core User

Splunk Core Certified User

Foundational SPL fluency — search, filter, and report on Splunk data without breaking it.

Official page at Splunk ↔ Compare with another cert

Exam fee

$130

Ongoing

$0/yr AMF

Study time

20–40 hrs

Delivery

Online proctored

Validity

3 yrs (renewal cycle)

› Quality score

19.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

Clear vendor blueprint scoped to SPL fundamentals and basic search/dashboard work.

6.0/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

Pure MCQ. Splunk training includes hands-on labs but they aren't graded.

0.5/10

Currency & upkeep

How aggressively content is kept current with the field.

Tracks Splunk Cloud / Enterprise major releases on a roughly annual cadence.

7.0/10

Market recognition

How often this signal actually moves a hiring decision.

Common starter cert for SOC analysts in Splunk shops. Frequently the first credential listed on Tier-1 SOC roles. [Holders: vendor doesn't publish]

6.0/10

› Market signals

public, citable inputs to the recognition score

Holders worldwide

100,000

as of 2024-12 · source

Splunk does not publish certified-holder counts; estimate from training-channel signals and the broad install base.

› Built for these roles

Tier-1 SOC AnalystJunior Detection EngineerSplunk End User

› Exam format

65 multiple-choice questions, 60 minutes, English. Online proctored via Pearson VUE. Covers SPL basics, fields, time ranges, reports, and dashboards.

› Recertification

Recertification by passing the current version of the exam every 3 years. No CPEs.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

PD-WRL-005

Recognition

GlobalUSEUUK

Exam languages

› Core domains covered

The 2 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A10Security Operations

SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.

A11Detection Engineering & Threat Hunting

SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.

› Also touched

Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.

A8Threat Intelligence

CTI lifecycle, MITRE ATT&CK, IOCs/TTPs, threat modeling (STRIDE, PASTA), STIX/TAXII.

› Prerequisites

Experience

Access to a Splunk instance (free dev license is sufficient). Comfort with basic command-line search.

Knowledge assumed

Search Processing Language (SPL) basics
Fields, time ranges, and tags
Reports and simple dashboards

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (0)

No de facto priors typically expected.

Splunk Core User

Splunk

Required by (0)

No certs require this one.

Recommended next (1)

Splunk ES AdminSplunk

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain map Browse all certifications