Working with Metrics in Splunk
The Working with Metrics in Splunk course provides Splunk users in-depth information about metrics, ingesting and searching metrics data, and how to use the Metrics Workspace to analyze and create visualizations.
Units : 2
Duration : 9 hours over 2 days
Time : 9:00 am – 1:30 pm AEST (GMT +10)
​
*Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.
One of the best trainers I've had - keeps content relevant & explains the tasks in easily understood language. Extremely knowledgeable in all fields relating to the content. Well paced & accommodated to everyone's questions & progress.
Participant, Splunk Enterprise Data Administration
Working with Metrics in Splunk - Course Topics
-
Metrics Overview
-
Metrics Terminology
-
Onboard Metrics Data
-
Metrics Indexing
-
Protocols to Ingest Metrics Data
-
Metrics SPL Commands
-
Log to metrics Conversion
-
Use the Metrics Workspace
-
Metrics Best Practices Course
Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at your site
Course Prerequisites
Related Certifications
None
Working with Metrics in Splunk - Audience
Splunk Admins and Splunk Architects who are working with IoT, IT performance metric or numeric data sources.
After completing Working with Metrics in Splunk course you will be able to
​
-
Understand the advantages of Metric indexing
-
Onboard data sources into Metric indexes
-
How to convert event data into Metrics
-
How to analyse Metric data within Splunk
Working with Metrics in Splunk - Course Objectives
Module 1 – Metrics Overview
-
Understand the difference between metrics and events
-
Describe metrics and metrics terminology
-
Identify the storage and performance benefits of metrics
-
Review use cases of searching metric data
-
Describe metrics dimensions and time series
​
Module 2 – Indexing and searching metrics
-
Describe metrics indexing
-
Creating metrics indexes
-
Onboarding metrics data
-
Use the mcatalog, msearch and mstats commands to search metrics data
​
Module 3 – Bringing Metrics into Splunk: Metrics-Formatted Data
-
Review metrics sourcetypes and supported protocols
-
Use collectd to ingest metrics data
-
Use StatsD to ingest metrics data
-
Verify onboarding of metrics
Module 4 – Bringing Metrics into Splunk: Coverting Logs to Metrics
-
Describe the log-to-metrics process
-
Use the mcollect and meventcollect commands to convert logs to metrics
-
Review and create a custom log-to-metrics sourcetype
-
Compare advantages of conversion methods
Module 5 – Managing Metrics indexes and Metrics rollups
-
Manage metrics indexes
-
Understanding metrics rollups
-
Configure rollup policies
Module 6 – Analytics workshop and SAI
-
Use Analytics Workspace
-
Describe the Splunk app for Infrastructure (SAI)
​
Module 7 – Best practices and performance tuning
-
Describe metrics best practices
-
Tune the performance of metrics processing
Splunk Course Schedules and Timezones
Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.
​
Dates and times displayed for each course are relative to Australian Eastern Time (AET).
​
​
AM Marked Splunk Courses
AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;
​
-
UTC+10 including Australia (East Coast)
-
UCT+11/+12 including New Zealand and the Pacific Islands
-
UTC-8 including USA (West Coast), Canada (West Coast)
-
UTC-7 including USA (Mid West)
PM Marked Splunk Courses
PM marked courses start at AET 2:00pm and finish at AET 6:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;
​
-
UTC+9 including Japan, Korea
-
UTC+8 including Australia (West Coast), Singapore, Hong Kong, China, Philippines, Brunei, Thailand
-
UTC +5/+6 including India and Sri Lanka