Description
Who should attend
Search Experts and Knowledge Managers
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Creating search queries
- Knowledge objects
Course Objectives
- Manipulating Output
- Modifying Result Sets
- Managing Missing Data
- Modifying Field Values
- Normalizing with eval
Outline: Result Modification (SRM)
Topic 1 – Manipulating Output
- Convert a 2-D table into a flat table with the untable command
- Convert a flat table into a 2-D table with the xyseries command
Topic 2 – Modifying Result Sets
- Append data to search results with the appendpipe command
- Calculate event statistics with the eventstats command
- Calculate “streaming” statistics with the streamstats command
- Modify values to segregate events with the bin command
Topic 3 – Managing Missing Data
- Find missing and null values with the fillnull command
Topic 4 – Modifying Field Values
- Understand the eval command
- Use conversion and text eval functions to modify field values
- Reformat fields with the foreach command
Topic 5 – Normalizing with eval
- Normalize data with eval functions
- Identify eval functions to use for data and field normalization
