Description
Topic 1 – Searching with Time
- Understand the _time field and timestamps
- View and interact with the Event Timeline
- Use the earliest and latest time modifiers
- Use the bin command with the _time field
Topic 2 – Formatting Time
- Use various date and time eval functions to format time
Topic 3 – Using Time Commands
- Use the timechart command
- Use the timewrap command
Topic 4 – Working with Time Zones
- Understand how time and time zones are represented in your data
- Determine the time zone of your server
- Use strftime to correct time zones in results
Certifications
This course is part of the following Certifications:
Splunk Core Certified Advanced Power User
Splunk Core Certified User
Splunk Core Certified Power User
Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Creating search queries
- The eval command
Course Objectives
- Searching with Time
- Formatting Time
- Comparing Index Time versus Search Time
- Using Time Commands
- Working with Time Zones