Description
Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Creating search queries
Course Objectives
- What is a Data Series
- Transforming Data
- Manipulating Data with eval
- Formatting Data
Outline: Statistical Processing (SSP)
Topic 1 – What is a Data Series
- Introduce data series
- Explore the differences between single-series, multi-series, and time-series data series
Topic 2 – Transforming Data
- Use the chart, timechart, top, rare, and stats commands to transform events into data tables
- Explore search modes and their effect on search results
Topic 3 – Manipulating Data with the eval Command
- Understand the eval command
- Explore and perform calculations using mathematical and statistical eval functions
- Perform calculations and concatenations on field values
- Use the eval command as a function with the stats command
Topic 4 – Formatting Data
- Use the rename command
- Use the sort command