Splunk Search Expert Fast Start

This “Fast Start” course covers over 60 commands and functions and prepares students to be search experts. Students will learn how to effectively utilize time in searches, work with different time zones, use transforming commands and eval functions to calculate statistics, compare field values with eval functions and eval expressions, manipulate output, normalize fields and field values, use lookups and subsearches to enrich results, and correlate and filter data from multiple sources.

Days : 3

Price :

CAD$3,810.00

Description

Course Content

Working with Time (WWT)
Statistical Processing (SSP)
Comparing Values (SCV)
Result Modification (SRM)
Leveraging Lookups and Subsearches (LLS)
Correlation Analysis (SCLAS)

Prerequisites

To be successful, students should have a solid understanding of the following:

How Splunk Works
Creating Search queries
Knowledge objects (specifically reports, lookups, and fields)

OR have taken the following:

Foundation Fast Start OR
What is Splunk? (WIS), Intro to Splunk (ITS) and Using Fields (SUF)

Outline: Splunk Search Expert Fast Start (SE-FS)

Topic 1 – Working with Time

Searching with Time
Formatting Time
Comparing index Time versus Search Time
Using Time Commands
Working with Time Zones

Topic 2 – Statistical Processing

What is a Data Series?
Transforming Data
Manipulating Data with eval
Formatting Data

Topic 3 – Comparing Values

Using eval to Compare
Filtering with where

Topic 4 – Result Modification

Manipulating Output
Modifying REsults Sets
Managing Missing Data
Modifying Field Values
Normalizing with eval

Topic 5 – Leveraging Lookups and Subsearches

Using Lookup Commands
Adding a Subsearch
Using the return Command

Topic 6 – Correlation Analysis

Caclulate Co-Occurance Between Fields
Analyze Multiple Datasets