Prerequisites
To be successful, students should have a good understanding of the following:
- How Splunk works
- How to create search queries
- Knowledge objects, especially reports, lookups, and fields

Alternatively, students should have completed one of the following training options:
- Foundation Fast Track, or
- Intro to Splunk (ITS), and Using Fields (SUF).
Course Overview
This "Fast Start" course covers over 60 commands and functions and prepares students to be search experts. Students will learn how to effectively utilize time in searches, work with different time zones, use transforming commands and eval functions to calculate statistics, compare field values with eval functions and eval expressions, manipulate output, normalize fields and field values, use lookups and subsearches to enrich results, and correlate and filter data from multiple sources.
Course Outline
- Topic 1 – Working with Time
  - Searching with Time
  - Formatting Time
  - Comparing Index Time versus Search Time
  - Using Time Commands
  - Working with Time Zones
- Topic 2 – Statistical Processing
  - What is a Data Series?
  - Transforming Data
  - Manipulating Data with eval
  - Formatting Data
- Topic 3 – Comparing Values
  - Using eval to Compare
  - Filtering with where
- Topic 4 – Result Modification
  - Manipulating Output
  - Modifying Result Sets
  - Managing Missing Data
  - Modifying Field Values
  - Normalizing with eval
- Topic 5 – Leveraging Lookups and Subsearches
  - Using Lookup Commands
  - Adding a Subsearch
  - Using the return Command
- Topic 6 – Correlation Analysis
  - Calculate Co-Occurrence Between Fields
  - Analyze Multiple Datasets
Further information
If you would like to know more about this course please contact us


