Working with Time is a Splunk Education course that addresses one of the most important and nuanced aspects of working with machine data: time.
What You Will Learn
- Understand how Splunk assigns timestamps to events at index time and search time
- Configure custom timestamp extraction for non-standard log formats
- Use absolute and relative time modifiers in searches to define precise time windows
- Handle time zone differences and configure per-sourcetype time zone settings
- Build time-based reports using timechart, bucket, and now()/relative_time() functions
Who Should Attend
Splunk users, analysts, and administrators who work with time-sensitive data and need accurate, time-aware searches and reports.
Prerequisites
Completion of Splunk Fundamentals 1 or equivalent experience with basic Splunk search.
