Course Description

This nine-hour course teaches you to use Splunk's REST API and the Java and Python SDKs to bring new data into Splunk, remotely create and interact with Splunk objects such as ad-hoc and saved searches, and more. Learn to interact directly with the Splunk REST API, and learn development best practices: when the SDKs are the right choice, versus REST or other Splunk built-in tools.

Course Topics

  • Exploring the REST API and SDKs
  • Connection and authentication
  • Object management and simple searching
  • Advanced searching
  • Handling search jobs and results
  • Writing data to Splunk

Course Objectives

Module 1 - Overview

  • Understand the REST API and Splunk SDKs
  • Identify other Splunk development tools
  • Use REST endpoints in simple scripts
  • Understand the User/App context


Module 2 - Exploring the REST API and SDKs

  • Install the Java SDK
  • Install the Python SDK
  • Explore SDK packages


Module 3 - Connection and Authentication

  • Understand connection and authentication
  • Understand the authentication process
  • Use authentication tokens for multi-step operations
  • Understand connection operations


Module 4 - Object Management

  • List Splunk objects
  • Create and edit Splunk objects

Module 5 - Basic Searching

  • Understand basic search language syntax and search best practices
  • Execute a search using the oneshot method
  • Retrieve search results and display them on screen

Module 6 - Advanced Searching

  • Identify types of searches
  • Create normal, export, and real-time searches
  • Create and run a saved search

Module 7 - Searching Jobs and Results

  • Managing jobs
  • Traversing large result sets
  • Count and Offset management
  • Handling real-time jobs
  • Managing Alerts

Module 8 - Writing Data to Splunk

  • Create and manage indexes
  • Identify best practices for writing data
  • Use Input classes to add data to indexes
  • Use direct input methods to add data to indexes