Splunk Fundamentals 2

Course Description

This course focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Information Model (CIM).

Download Course Description

Instructor-led Training Schedule

View Schedule

Instructor-on-demand

Have 30 day access to content, labs, live chat, and a 20-minute scheduled session with an instructor.

Course Prerequisites

Splunk Fundamentals 1

Course Topics

Transforming commands and visualization
Filtering and formatting
Results
Correlating events
Knowledge objects
Fields (Field aliases, field extractions, calculated fields)
Tags and event types
Macros
Workflow actions
Data models
Splunk Common Information Model (CIM)

Course Objectives

Module 1 - Introduction

Overview of Buttercup Games Inc.
Lab environment

Module 2 - Beyond Search Fundamentals

Search fundamentals review
Case sensitivity
Using the job inspector to view search performance

Module 3 - Using Transforming Commands for Visualizations

Explore data structure requirements
Explore visualization types
Create and format charts and timecharts

Module 4 - Using Mapping and Single Value Commands

The iplocation command
The geostats command
The geom command
The addtotals command

Module 5 - Filtering and Formatting Results

The eval command
Using the search and where commands to filter results
The filnull command

Module 6 - Correlating Events

Identify transactions
Group events using fields
Group events using fields and time
Search with transactions
Report on transactions
Determine when to use transactions vs. stats

Module 7 - Introduction to Knowledge Objects

Identify naming conventions
Review permissions
Manage knowledge objects

Module 8 - Creating and Managing Fields

Perform regex field extractions using the Field Extractor
(FX)
Perform delimiter field extractions using the FX

Module 9 - Creating Field Aliases and Calculated Fields

Describe, create, and use field aliases
Describe, create and use calculated fields

Module 10 - Creating Tags and Event Types

Create and use tags
Describe event types and their uses
Create an event type

Module 11 - Creating and Using Macros

Describe macros
Create and use a basic macro
Define arguments and variables for a macro
Add and use arguments with a macro

Module 12 - Creating and Using Workflow Actions

Describe the function of GET, POST, and Search workflow
actions
Create a GET workflow action
Create a POST workflow action
Create a Search workflow action

Module 13 - Creating Data Models

Describe the relationship between data models and pivot
Identify data model attributes
Create a data model
Use a data model in pivot

Module 14 - Using the Common Information Model (CIM) Add-On

Describe the Splunk CIM
List the knowledge objects included with the Splunk CIM
Add-On
Use the CIM Add-On to normalize data

Splunk Training + Certification