Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Splunk

Splunk is software that indexes, manages and enables you to search data from any application, server or network device in real time.

The Splunk - Essentials training course teaches you how to search and navigate in Splunk to create reports and dashboards, both using Splunk’s searching and reporting commands and using the product’s interactive Pivot tool. Scenario-based examples and hands-on challenges will enable you to create robust searches, reports, and charts.

The Splunk - Intermediate training course picks up where the Splunk - Essentials course leaves off, focusing on more advanced searching and reporting commands as well as on the creation of knowledge objects. Scenario-based examples and hands-on challenges coach you step-by-step through the creation of complex searches, reports, and charts. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models.

The Splunk - Advanced training course picks up where the Splunk - Intermediate course leaves off, focusing on additional search commands as well as on advanced use of knowledge objects. Major topics include advanced statistics and eval commands, advanced lookup topics, advanced alert actions, using regex and erex to extract fields, using spath to work with self-describing data, creating nested macros and macros with event types, and accelerating reports and data models.

For Splunk - Intermediate course:
  • Knowledge of Splunk Fundamentals
  • Splunk Enterprise System Administration
For Splunk - Advanced course:
  • Knowledge of Splunk Intermediate

This Splunk class is ideal for:

  • Specific roles such as Splunk Administrator, Developer, User, Knowledge Manager, or Architect.

COURSE AGENDA

Splunk - Essentials
(Duration : 2 Days)

1

Introduction

2

What is Splunk?

  • Splunk components
  • Installing Splunk
  • Getting data into Splunk
3

Introduction to Splunk's User Interface

  • Understand the uses of Splunk
  • Define Splunk Apps
  • Customizing your user settings
  • Learn basic navigation in Splunk
4

Basic Searching

  • Run basic searches
  • Use autocomplete to help build a search
  • Set the time range of a search
  • Identify the contents of search results
  • Refine searches
  • Use the timeline
  • Work with events
  • Control a search job
  • Save search results
5

Using Fields in Searches

  • Understand fields
  • Use fields in searches
  • Use the fields sidebar
6

Search Language Fundamentals

  • Review basic search commands and general search practices
  • Examine the search pipeline
  • Specify indexes in searches
  • Use autocomplete and syntax highlighting
  • Use the following commands to perform searches:
    • table
    • rename
    • fields
    • dedup
    • sort
7

Using Basic Transforming Commands

  • The top command
  • The rare command
  • The stats command
8

Creating Reports and Dashboards

  • Save a search as a report
  • Edit reports
  • Create reports that include visualizations such as charts and tables
  • Create a dashboard
  • Add a report to a dashboard
  • Edit a dashboard
9

Datasets and the Common Information Model

  • Naming conventions
  • What are datasets?
  • What is the Common Information Model (CIM)?
10

Describe lookups

  • Create a lookup file and create a lookup definition
  • Configure an automatic lookup
11

Creating Scheduled Reports and Alerts

  • Describe scheduled reports
  • Configure scheduled reports
  • Describe alerts
  • Create alerts
  • View fired alerts
12

Using Pivot

  • Describe Pivot
  • Understand the relationship between data models and pivot
  • Select a data model object
  • Create a pivot report
  • Create an instant pivot from a search
  • Add a pivot report to a dashboard
Splunk - Intermediate
(Duration : 3 Days)

1

Introduction

  • Overview of Buttercup Games Inc.
  • Lab environment
2

Beyond Search Fundamentals

  • Search fundamentals review
  • Case sensitivity
  • Using the job inspector to view search performance
3

Using Transforming Commands for Visualizations

  • Explore data structure requirements
  • Explore visualization types
  • Create and format charts and timecharts
4

Using Mapping and Single Value Commands

  • The iplocation command
  • The geostats command
  • The geom command
  • The addtotals command
5

Filtering and Formatting Results

  • The eval command
  • Using the search and where commands to filter results
  • The fillnull command
6

Correlating Events

  • Identify transactions
  • Group events using fields
  • Group events using fields and time
  • Search with transactions
  • Report on transactions
  • Determine when to use transactions vs. stats
7

Introduction to Knowledge Objects

  • Identify naming conventions
  • Review permissions
  • Manage knowledge objects
8

Creating and Managing Fields

  • Perform regex field extractions using the Field Extractor (FX)
  • Perform delimiter field extractions using the FX
9

Creating Field Aliases and Calculated Fields

  • Describe, create, and use field aliases
  • Describe, create and use calculated fields
10

Creating Tags and Event Types

  • Create and use tags
  • Describe event types and their uses
  • Create an event type
11

Creating and Using Macros

  • Describe macros
  • Create and use a basic macro
  • Define arguments and variables for a macro
  • Add and use arguments with a macro
12

Creating and Using Workflow Actions

  • Describe the function of GET, POST, and Search workflow actions
  • Create a GET workflow action
  • Create a POST workflow action
  • Create a Search workflow action
13

Creating Data Models

  • Describe the relationship between data models and pivot
  • Identify data model attributes
  • Create a data model
  • Use a data model in pivot
14

Using the Common Information Model (CIM) Add-On

  • Describe the Splunk CIM
  • List the knowledge objects included with the Splunk CIM Add-On
  • Use the CIM Add-On to normalize data
Splunk - Advanced
(Duration : 3 Days)

1

Exploring Statistical Commands

  • Performing statistical analysis with functions of the stats command
  • Using fieldsummary
  • Using appendpipe
  • Using eventstats
  • Using streamstats
2

Exploring eval Command Functions

  • Using conversion functions
  • Using date and time functions
  • Using string functions
  • Using comparison and conditional functions
  • Using informational functions
  • Using statistical functions
  • Using mathematical functions
  • Using cryptographic functions
3

Exploring Lookups

  • Including and excluding events based on lookup values
  • Using KV Store lookups
  • Using external lookups
  • Using geospatial lookups
  • Using database lookups
  • Understanding best practices for lookups
4

Exploring Alerts

  • Referencing lookups in alerts
  • Outputting alert results to a lookup
  • Logging and indexing searchable alert events
  • Using a webhook alert action
5

Advanced Field Creation and Management

  • Using regex
  • Using the erex command
  • Using the rex command
  • Identifying regex best practices
6

Working with Self-Describing Data and Files

  • Using the spath command
  • Using the eval command with the spath function
  • Extracting fields from table-formatted events with multikv
7

Advanced Search Macros

  • Using nested search macros
  • Previewing search macros before executing
  • Using tags and event types in search macros
8

Using Acceleration Options: Reports and Summary Indexing

  • Using report acceleration
  • Using summary indexing
9

Using Acceleration Options: Data Models and tsidx Files

  • Exploring data models using the datamodel command
  • Using data model acceleration
  • Working with tsidx files using the tstats command

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
