• Home
  • Multivalue Fields
cloud computing

Multivalue Fields

This three-hour course is for power users who want to become experts on searching and manipulating multivalue data. Topics will focus on using multivalue eval functions and multivalue commands to create, evaluate, and analyze multivalue data.

Days : 1
Price :

CAD$635.00

Effacer

Description

Certifications

This course is part of the following Certifications:

Prerequisites

To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Creating search queries

Course Objectives

  • What are Multivalue Fields
  • Creating Multivalue Fields
  • Evaluating Multivalue Fields
  • Analyzing Multivalue Fields

Outline: Multivalue Fields (SMV)

Topic 1 – What are Multivalue Fields?

  • Understand multivalue fields
  • Define self-describing data
  • Understand how JSON data is handled in Splunk
  • Use the spath command to interpret self-describing data
  • Use the mvzip and mvexpand commands to manipulate multivalue fields
  • Convert single-value fields to multivalue fields with specific commands and functions

Topic 2 – Creating Multivalue Fields

  • Creating multivalue fields with the makemv command and the split function of the eval command

Topic 3 – Evaluating Multivalue Fields

  • Use the mvcount, mvindex, and mvfilter eval functions to evaluate multivalue fields

Topic 4 – Manipulating Multivalue Data

  • Use the mvsort, mvzip, mvjoin, mvmap, and mvappend eval functions and the mvexpand command to analyze multivalue data

Related Products

Etiquette

ITIL®4 Foundation

CAD$3,900.00
Add to Cart

Welcome to Mac

Add to Cart
Amazon Web Services logo

AWS Technical Essentials

CAD$895.00
Add to Cart
© Copyright ultimateITcourses 2023. All right reserved.
Created by Turniton.ca