Searching and Reporting with Splunk

This nine-hour course focuses on Splunk's search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports and charts.

A self-paced eLearning version of this course with live 30-day lab access is also available.

Course Topics

  • Search Fundamentals
  • Transforming Commands
    • Deriving Statistics
    • Creating Visualizations
    • Enriching Visualizations
  • Manipulating and Filtering Results
  • Correlating Events

Course Prerequisites

Using Splunk

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Objectives

Module 1 - Search Fundamentals

  • Review basic search commands and general search practices
  • Examine the anatomy of a search
  • Use the following commands to perform searches:
    • table
    • rename
    • fields
    • dedup
    • sort

Module 2 - Transforming Commands, P1: Deriving Statistics

  • Use the following commands and their functions:
    • top
    • rare
    • stats

Module 3 - Transforming Commands, P2: Creating Visualizations

  • Data structure requirements
  • Create and format basic charts
  • Create and format timecharts

Module 4 - Transforming Commands, P3: Enriching Visualizations

  • Use the following commands and their functions:
    • trendline
    • iplocation
    • geostats
    • geom
    • single values
    • addtotals

Module 5 - Manipulating and Filtering Results

  • Use the following commands and their functions:
    • eval
    • fillnull
    • search
    • where

Module 6 - Correlating Events

  • Identify transactions
  • Group events using fields
  • Group events using fields and time
  • Search with transactions
  • Report on transactions
  • Determine when to use transactions vs. stats