Duration

4 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • How to create basic searching and visualizations
  • RECOMMENDED: Splunk Foundation Fast Start (SF-FS)

Course Overview

This Power User “Fast Start” course covers over 60 commands, functions, and knowledge objects to provide users with actionable information about searching best practices and knowledge management. Students will learn how to effectively utilize time in searches, work with different time zones, use transforming commands and eval functions to calculate statistics, compare field values with eval functions and eval expressions, manipulate output, normalize fields and field values, correlate and filter data from multiple sources, and create, manage, and share knowledge objects.

This series consists of eight modules with 24 hours of content over 4 days.

Course Objectives

  • Utilize over 60 commands and functions to transform, manipulate, normalize, correlate, and filter data.
  • Filter data using time modifiers and time commands and use formatting functions to accommodate various time formats.
  • Calculate statistics using transforming commands and mathematical and statistical eval functions.
  • Compare, manipulate, and normalize data using several commands including the all-powerful eval command and an array of statistical, comparison, conditional, and formatting functions.
  • Calculate co-occurrence between fields and analyze data from multiple datasets.
  • Create, curate, manage and share knowledge objects.

Course Outline

 

Topic 1 – Working with Time

  • Formatting Time
  • Comparing Index Time versus Search Time
  • Using Time Commands
  • Working with Time Zones

Topic 2 – Statistical Processing

  • What is a Data Series?
  • Transforming Data
  • Manipulating Data with eval
  • Formatting Data

Topic 3 – Comparing Values

  • Using eval to Compare
  • Filtering with where

Topic 4 – Result Modification

  • Manipulating Output
  • Modifying Results Sets
  • Managing Missing Data
  • Modifying Field Values
  • Normalizing with eval

Topic 5 – Correlation Analysis

  • Calculate Co-Occurrence Between Fields
  • Analyze Multiple Datasets

Topic 6 – Intro to Knowledge Objects

  • What are Knowledge Objects?
  • Knowledge Object Settings
  • Managing Knowledge Objects

Topic 7 – Creating Knowledge Objects

  • Knowledge Objects and Search-time Operations
  • Creating Event Types
  • Using Event Type Builder
  • Creating Workflow Actions
  • Creating Tags and Aliases
  • Creating Search Macros

Topic 8 – Creating Field Extractions

  • Using the Field Extractor
  • Creating Regex Field Extractions
  • Creating Delimited Field Extractions

Topic 9 – Data Models

  • Introducing Data Model Datasets
  • Designing Data Models
  • Creating a Pivot
  • Accelerating Data Models

MORE ADVANCED SPLUNK COURSES ARE AVAILABLE.  CONTACT US FOR DETAILS.