Course Description

This nine-hour course focuses on Splunk's search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports and charts.

Course Topics

  • Search Fundamentals
  • Transforming Commands
  • Deriving Statistics
  • Creating Visualizations
  • Enriching Visualizations
  • Manipulating and Filtering Results
  • Correlating Events

Course Objectives

Module 1 - Search Fundamentals

  • Review basic search commands and general search practices
  • Examine the anatomy of a search
  • Use the following commands to perform searches: table, rename, fields, dedup, sort

Module 2 - Transforming Commands, P1: Deriving Statistics

  • Use the following commands and their functions: top, rare, stats

Module 3 - Transforming Commands, P2: Creating Visualizations

  • Data structure requirements
  • Create and format basic charts
  • Create and format timecharts

Module 4 - Using Fields in Searches

  • Use the following commands and their functions: trendline, iplocation, geostats, geom, addtotals, and the single value visualization

Module 5 - Manipulating and Filtering Results

  • Use the following commands and their functions: eval, fillnull, search, where

Module 6 - Correlating Events

  • Identify transactions
  • Group events using fields
  • Group events using fields and time
  • Search with transactions
  • Report on transactions
  • Determine when to use transactions vs. stats
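As an added illustration of the last objective (this is example SPL written for this page, not part of the course materials), the two searches below answer the same security question, "which source addresses produced a burst of failed logins?", first with transaction and then with stats. The index, sourcetype and field names (auth, linux_secure, action, src, user) are assumptions chosen for the example; substitute the ones your data uses.

```spl
index=auth sourcetype=linux_secure action=failure
| transaction src maxspan=5m maxpause=30s
| where eventcount >= 10
| table _time src user eventcount duration

index=auth sourcetype=linux_secure action=failure
| stats count AS eventcount earliest(_time) AS first latest(_time) AS last values(user) AS user BY src
| eval duration = last - first
| where eventcount >= 10
| eval first = strftime(first, "%Y-%m-%d %H:%M:%S"), last = strftime(last, "%Y-%m-%d %H:%M:%S")
| table first last src user eventcount duration
```

The transaction version is the right tool when the grouping itself needs time semantics (maxspan and maxpause here, or startswith/endswith to bracket a session), because it emits one event per group with the raw events, eventcount and duration already attached. The stats version reproduces the count, the user list and the first/last timestamps without those gap constraints, but it runs in a distributed, streaming fashion and does not hold all grouped events in memory on the search head, so it is usually faster and scales to much larger result sets; reach for transaction only when stats cannot express the grouping rule.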