Working with Metrics Training

The Working with Metrics course provides Splunk users in-depth information about metrics, ingesting and searching metrics data, and how to use the Metrics Workspace to analyze and create visualizations.

Units : 2
Duration : 9 hours over 2 days
Time : 9:00 am – 1:30 pm AEST (GMT +10)

*Course discounts apply for Splunk Partners.

One of the best trainers I've had - keeps content relevant & explains the tasks in easily understood language. Extremely knowledgeable in all fields relating to the content. Well paced & accommodated to everyone's questions & progress.

Participant, Splunk Enterprise Data Administration

Course Topics

Metrics Overview
Metrics Terminology
Onboard Metrics Data
Metrics Indexing
Protocols to Ingest Metrics Data
Metrics SPL Commands
Log to metrics Conversion
Use the Metrics Workspace
Metrics Best Practices Course

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site

Course Prerequisites

Fundamentals 1 (Required)
Fundamentals 2 (Required)
Splunk Enterprise System Administration (Required)
Splunk Enterprise Data Administration (Recommended)

Related Certifications

None

Audience

Splunk Admins and Splunk Architects who are working with IoT, IT performance metric or numeric data sources.

After completing this course you will be able to

Understand the advantages of Metric indexing
Onboard data sources into Metric indexes
How to convert event data into Metrics
How to analyse Metric data within Splunk

Course Objectives

Module 1 – Metrics Overview

Understand the difference between metrics and events
Describe metrics and metrics terminology
Identify the storage and performance benefits of metrics
Review use cases of searching metric data
Describe metrics dimensions and time series

Module 2 – Indexing and searching metrics

Describe metrics indexing
Creating metrics indexes
Onboarding metrics data
Use the mcatalog, msearch and mstats commands to search metrics data

Module 3 – Bringing Metrics into Splunk: Metrics-Formatted Data

Review metrics sourcetypes and supported protocols
Use collectd to ingest metrics data
Use StatsD to ingest metrics data
Verify onboarding of metrics

Module 4 – Bringing Metrics into Splunk: Coverting Logs to Metrics

Describe the log-to-metrics process
Use the mcollect and meventcollect commands to convert logs to metrics
Review and create a custom log-to-metrics sourcetype
Compare advantages of conversion methods

Module 5 – Managing Metrics indexes and Metrics rollups

Manage metrics indexes
Understanding metrics rollups
Configure rollup policies

Module 6 – Analytics workshop and SAI

Use Analytics Workspace
Describe the Splunk app for Infrastructure (SAI)

Module 7 – Best practices and performance tuning

Describe metrics best practices
Tune the performance of metrics processing

Course Schedules and Timezones

Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

AM Marked Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;

UTC+10 including Australia (East Coast)
UCT+11/+12 including New Zealand and the Pacific Islands
UTC-8 including USA (West Coast), Canada (West Coast)
UTC-7 including USA (Mid West)

PM Marked Courses

PM marked courses start at AET 2:00pm and finish at AET 6:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;

UTC+9 including Japan, Korea
UTC+8 including Australia (West Coast), Singapore, Hong Kong, China, Philippines, Brunei, Thailand
UTC +5/+6 including India and Sri Lanka