Skip to main content


Splunk Training + Certification

Splunk Fundamentals 2

QUICK LINKS   

My Training Profile | Splunk Education Student Handbook

Course Description

This course focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Information Model (CIM).

As of Oct. 25, 2021, Splunk Education has replaced this course with the new Single-Subject Courses. Please refer to this page for more information on the new offerings. This course will continue to be offered by our Authorized Learning Partners (ALPs) only until approximately April 30, 2022. 
Download Course Description

Instructor-led Training Schedule
View Schedule
Instructor-on-demand

Registration for this course is no longer available.

Course Prerequisites

  • Splunk Fundamentals 1

Course Topics

  • Transforming commands and visualization
  • Filtering and formatting 
  • Results
  • Correlating events
  • Knowledge objects
  • Fields (Field aliases, field extractions, calculated fields)
  • Tags and event types
  • Macros
  • Workflow actions
  • Data models
  • Splunk Common Information Model (CIM)

Course Objectives

Module 1 - Introduction
  • Overview of Buttercup Games Inc.
  • Lab environment
 
Module 2 - Beyond Search Fundamentals
  • Search fundamentals review
  • Case sensitivity
  • Using the job inspector to view search performance
 
Module 3 - Using Transforming Commands for Visualizations
  • Explore data structure requirements
  • Explore visualization types
  • Create and format charts and timecharts
 
Module 4 - Using Mapping and Single Value Commands
  • The iplocation command
  • The geostats command
  • The geom command
  • The addtotals command
 
Module 5 - Filtering and Formatting Results
  • The eval command
  • Using the search and where commands to filter results
  • The filnull command
 
Module 6 - Correlating Events
  • Identify transactions
  • Group events using fields
  • Group events using fields and time
  • Search with transactions
  • Report on transactions
  • Determine when to use transactions vs. stats
 
Module 7 - Introduction to Knowledge Objects
  • Identify naming conventions
  • Review permissions
  • Manage knowledge objects
 
Module 8 - Creating and Managing Fields
  • Perform regex field extractions using the Field Extractor
    (FX)
  • Perform delimiter field extractions using the FX
 
Module 9 - Creating Field Aliases and Calculated Fields
  • Describe, create, and use field aliases
  • Describe, create and use calculated fields
 
Module 10 - Creating Tags and Event Types
  • Create and use tags
  • Describe event types and their uses
  • Create an event type
 
Module 11 - Creating and Using Macros
  • Describe macros
  • Create and use a basic macro
  • Define arguments and variables for a macro
  • Add and use arguments with a macro
 
Module 12 - Creating and Using Workflow Actions
  • Describe the function of GET, POST, and Search workflow
    actions
  • Create a GET workflow action
  • Create a POST workflow action
  • Create a Search workflow action
 
Module 13 - Creating Data Models
  • Describe the relationship between data models and pivot
  • Identify data model attributes
  • Create a data model
  • Use a data model in pivot
 
Module 14 - Using the Common Information Model (CIM) Add-On
  • Describe the Splunk CIM
  • List the knowledge objects included with the Splunk CIM
    Add-On
  • Use the CIM Add-On to normalize data
WHY SPLUNK?
WHY SPLUNK?
SUPPORT
SUPPORT
RESOURCES
RESOURCES
FOR DEVELOPERS
FOR DEVELOPERS
COMPANY
COMPANY
SPLUNK SITES
SPLUNK SITES
Sitemap
Privacy
Website Terms of Use
Splunk Licensing Terms
Export Control
Modern Slavery Statement
Splunk Patents

© 2005 - 2022 Splunk Inc. All rights reserved.

Splunk, Splunk>, Turn Data Into Doing, and Data-to-Everything are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.