Description
Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Creating search queries
- Knowledge objects
Course Objectives
- Introducing Data Model Datasets
- Designing Data Models
- Creating a Pivot
- Accelerating Data Models
Outline: Data Models (SDM)
Topic 1 – Introducing Data Model Datasets
- Understand data models
- Add event, search, and transaction datasets to data models
- Identify event object hierarchy and constraints
- Add fields based on eval expressions to transaction datasets
Topic 2 – Designing Data Models
- Create a data model
- Add root and child datasets to a data model
- Add fields to data models
- Test a data model
- Define permissions for a data model
- Upload/download a data model for backup and sharing
Topic 3 – Creating a Pivot
- Identify benefits of using Pivot
- Create and configure a Pivot
- Visualize a Pivot
- Save a Pivot
- Use Instant Pivot
- Access underlying search for Pivot
Topic 4 – Accelerating Data Models
- Understand the difference between ad-hoc and persistent data model acceleration
- Accelerate a data model
- Describe the role of tsidx files in data model acceleration
- Review considerations about data model acceleration
Topic 5 – Enriching Data
- Understand how fields from lookups, calculated fields, field aliases, and field extractions enrich data