Splunk Fundamentals 2

The Splunk Fundamentals course 2 focuses on searching and reporting commands as well as on the creation of knowledge objects.

Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Interface Model (CIM).

Units : 4
Duration : 18 hours over 4 days
Time : 9:00 am – 1:30 pm AEST (GMT +10)

*Course discounts apply for Splunk Partners.

The instructor was very responsive to questions and queries both private and Communal.. Final module collaborative lab walkthrough on screen was particularly helpful.

Participant, Splunk Fundamentals 2

Course Topics
  • Transforming commands and visualisation

  • Filtering and formatting results

  • Correlating events

  • Knowledge objects

  • Fields(Field aliases, field extractions, calculated fields)

  • Tags and event types

  • Macros

  • Workflow actions

  • Data models

  • Splunk Common Information Model (CIM)

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site

Course Prerequisites
Related Certifications
Audience

Anyone whose role requires them to view or run reports within Splunk. Previous attendees have had various roles within their organisations such as Consultants, IT Operations/Security, Business Intelligence/Business Analysts and
Marketing Professionals, Solution Architects and Application Developers.

After completing this course you will be able to
  • Create searches using the Splunk Search Processing Language

  • Use many common search commands to create statistics, evaluate data, sort, rename and add totals

  • Create tables and charts using your newfound search commands

  • Customise charts by adding filters to show only certain data, create stacked charts and charts based on time

  • Perform calculations on your event data, use conditional expressions

  • Correlate data using transactions

  • Learn to create valuable knowledge objects which you can reuse time and time again

  • Extract fields at search time with Splunk’s interactive field extractor tool

  • Create macro’s and pass arguments into your search

  • Utilise workflow actions which enable you to launch and interact with external resources

  • Create powerful data models which can be used to run the Pivot tool

  • Add value to your event data using lookups

Course Objectives

Module 1 – Introduction

  • Overview of Buttercup Games Inc.

  • Lab environment

Module 2 – Beyond Search Fundamentals

  • Search fundamentals review

  • Case sensitivity

  • Using the job inspector to view search performance

  • Audience

Module 3 - Using Transforming Commands for Visualisations

  • Explore data structure requirements

  • Explore visualization types

  • Create and format charts and timecharts

Module 4 - Using Mapping and Single Value Commands

  • The iplocation command

  • The geostats command

  • The geom command

  • The addtotals command

Module 5 - Filtering and Formatting Results

  • The eval command

  • Using the search and where commands to filter results

  • The filnull command

Module 6 – Correlating Events

  • Identify transactions

  • Group events using fields

  • Group events using fields and time

  • Search with transactions

  • Report on transactions

  • Determine when to use transactions vs. stats

Module 7 – Introduction to Knowledge Objects

  • Identify naming conventions

  • Review permissions

  • Manage knowledge objects

Module 8 – Creating and Managing Fields

  • Perform regex field extractions using the Field Extractor (FX)

  • Perform delimiter field extractions using the FX

Module 9 – Creating Field Aliases and Calculated Fields

  • Describe, create, and use field aliases

  • Describe, create and use calculated fields

Module 10 – Creating Tags and Event Types

  • Create and use tags

  • Describe event types and their uses

  • Create an event type

Module 11 – Creating and Using Macros

  • Describe macros

  • Create and use a basic macro

  • Define arguments and variables for a macro

  • Add and use arguments with a macro

Module 12 – Creating and Using Workflow Actions

  • Describe the function of GET, POST, and Search workflow actions

  • Create a GET workflow action

  • Create a POST workflow action

  • Create a Search workflow action

Module 13 – Creating Data Models

  • Describe the relationship between data models and pivot

  • Identify data model attributes

  • Create a data model

  • Use a data model in pivot

Module 14 – Using the Common Information Model (CIM) Add-On

  • Describe the Splunk CIM

  • List the knowledge objects included with the Splunk CIM Add-On

  • Use the CIM Add-On to normalize data

Course Schedules and Timezones

Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

AM Marked Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

PM Marked Courses

PM marked courses start at AET  2:00pm and finish at AET 6:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;

  • UTC+9 including Japan, Korea

  • UTC+8 including Australia (West Coast), Singapore, Hong Kong, China, Philippines, Brunei, Thailand

  • UTC +5/+6 including India and Sri Lanka

Upcoming Courses

Ingeniq-white-on-tx-registered-larger2.p

Copyright 2020/2021