- Free Courses
-
Learning Paths
- Courses for Users
- Courses for Splunk Administrators
- Courses for Splunk Cloud Customers
-
Courses for Splunk Architects
- Overview
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Architecting Splunk Enterprise Deployments
- Administering Splunk Enterprise Security
- Courses for App Developers
-
Courses for Enterprise Security Administrators
- Overview
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Architecting Splunk Enterprise Deployments
- Administering Splunk Enterprise Security
- Courses for Enterprise Security End-Users
- Courses for IT Service Intelligence Administrators
- Courses for IT Service Intelligence End-Users
- Courses for Phantom Customers
- Certification Tracks
-
Courses
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Creating Dashboards with Splunk
- Advanced Dashboards and Visualizations
- Building Splunk Apps
- Splunk for Analytics and Data Science
- Splunk Infrastructure Overview
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Cloud Administration
- Architecting Splunk Enterprise Deployments
- Splunk Enterprise Practical Lab
- Developing with Splunk's REST API
- Administering Splunk Enterprise Security
- Using Splunk Enterprise Security
- Implementing Splunk IT Service Intelligence
- Using Splunk IT Service Intelligence
- Splunk User Behavior Analytics
- Introduction to Phantom
- Developing Phantom Playbooks
-
Videos
- All Videos
- Splunk Cloud Tutorial
- Installing Splunk Enterprise 6 on Linux
- Installing Splunk Enterprise 6 on Windows
- Getting Data In to Splunk Enterprise (Linux)
- Getting Data In (Windows)
- Getting Data In with Forwarders
- Basic Search in Splunk Enterprise 6.3
- Create a Dashboard in Splunk Enterprise
- Using the Splunk MINT SDK for Android
- Using the Splunk MINT SDK for iOS
- Basic Search in Splunk Light
- Create Reports in Splunk Light
- Create Dashboards in Splunk Light
- Create Alerts in Splunk Light
- Splunk Certification Candidate Journey
-
- Certification Exams
- Program Guide + FAQ
- Download Fact Sheet
Course Description
This course focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Interface Model (CIM).
Instructor-led Training Schedule
Splunk Fundamentals 1
- Transforming commands and visualization
- Filtering and formatting
- Results
- Correlating events
- Knowledge objects
- Fields (Field aliases, field extractions, calculated fields)
- Tags and event types
- Macros
- Workflow actions
- Data models
- Splunk Common Information Model (CIM)
- Overview of Buttercup Games Inc.
- Lab environment
- Search fundamentals review
- Case sensitivity
- Using the job inspector to view search performance
- Explore data structure requirements
- Explore visualization types
- Create and format charts and timecharts
- The iplocation command
- The geostats command
- The geom command
- The addtotals command
- The eval command
- Using the search and where commands to filter results
- The filnull command
- Identify transactions
- Group events using fields
- Group events using fields and time
- Search with transactions
- Report on transactions
- Determine when to use transactions vs. stats
- Identify naming conventions
- Review permissions
- Manage knowledge objects
- Perform regex field extractions using the Field Extractor
(FX) - Perform delimiter field extractions using the FX
- Describe, create, and use field aliases
- Describe, create and use calculated fields
- Create and use tags
- Describe event types and their uses
- Create an event type
- Describe macros
- Create and use a basic macro
- Define arguments and variables for a macro
- Add and use arguments with a macro
- Describe the function of GET, POST, and Search workflow
actions - Create a GET workflow action
- Create a POST workflow action
- Create a Search workflow action
- Describe the relationship between data models and pivot
- Identify data model attributes
- Create a data model
- Use a data model in pivot
- Describe the Splunk CIM
- List the knowledge objects included with the Splunk CIM
Add-On - Use the CIM Add-On to normalize data