Splunk Fundamentals 2

Support
Support Portal

Submit a case ticket

Splunk Answers

Ask Splunk experts questions

Support Programs

Find support service offerings

System Status

View detailed status

Contact Us

Contact our customer support

Product Security Updates

Keep your data secure
Languages
Click User Account
- Login
- Sign Up
- My Dashboard
- My Profile
- Instances
- Logout

Products
The Splunk Platform

A data platform built for expansive data access, powerful analytics and automation
Learn more

MORE FROM SPLUNK

Pricing

Free Trials & Downloads
Security

Investigation & Forensics

Security Analytics (SIEM)

Unified Security Operations

Automation & Orchestration

Security Incident Response

IT Operations & DevOps

Observability

Infrastructure Monitoring & Troubleshooting

Event Analytics & Management

Service Monitoring & Insights

Application Performance Monitoring (APM)

Incident Response & Automation

AIOps

Digital Experience Monitoring

Logs for Observability
View all products
Solutions
KEY INItiatives

Cloud Transformation

Transform your business in the cloud with Splunk

Business Resilience

Build resilience to meet today’s unpredictable business challenges

Digital Customer Experience

Deliver the innovative and seamless experiences your customers expect
BY FUNCTION

Security

Empower the business to innovate while limiting risks

IT

Go from running the business to transforming it

DevOps

Accelerate the delivery of exceptional user experiences

BY INDUSTRY

Aerospace & Defense

Higher Education

Communications

Manufacturing

Energy & Utilities

Online Services

Financial Services

Public Sector

Healthcare

Retail

View all industries
Why Splunk?
Why Splunk?

Bring data to every question, decision and action across your organization
Learn more
Customer Stories

See why organizations around the world trust Splunk

Partners

Accelerate value with our powerful partner ecosystem

Diversity & Inclusion

Learn how we support change for customers and communities
Resources
MORE FROM SPLUNK

Resources

Explore E-books, white papers and more

Events

Join us at an event near you

Blogs

See what Splunk is doing
GET STARTED

Splunk Lantern

Clear and actionable guidance from Splunk Experts

Expert Services

It’s easy to get the help you need

Get Started With Splunk

Learn how to use Splunk

Data Insider

Focused primers on top technology topics

become an expert

Splunk Training & Certification

Get certified to become a Splunk Expert

Documentation

Find answers and guidance on how to use Splunk

User Groups

Meet Splunk enthusiasts in your area

Community

Get inspired and share knowledge

Expand & optimize

Services & Support

Customer Success starts with data success

Splunkbase

See Splunk’s 1000+ apps and add-ons

Splunk Dev

Create your own Splunk apps

QUICK LINKS

My Training Profile | Splunk Education Student Handbook

Course Description

This course focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Information Model (CIM).

As of Oct. 25, 2021, Splunk Education has replaced this course with the new Single-Subject Courses. Please refer to this page for more information on the new offerings. This course will continue to be offered by our Authorized Learning Partners (ALPs) only until approximately April 30, 2022.

Download Course Description

Instructor-led Training Schedule

View Schedule

Instructor-on-demand

Registration for this course is no longer available.

Course Prerequisites

Splunk Fundamentals 1

Course Topics

Transforming commands and visualization
Filtering and formatting
Results
Correlating events
Knowledge objects
Fields (Field aliases, field extractions, calculated fields)
Tags and event types
Macros
Workflow actions
Data models
Splunk Common Information Model (CIM)

Course Objectives

Module 1 - Introduction

Overview of Buttercup Games Inc.
Lab environment

Module 2 - Beyond Search Fundamentals

Search fundamentals review
Case sensitivity
Using the job inspector to view search performance

Module 3 - Using Transforming Commands for Visualizations

Explore data structure requirements
Explore visualization types
Create and format charts and timecharts

Module 4 - Using Mapping and Single Value Commands

The iplocation command
The geostats command
The geom command
The addtotals command

Module 5 - Filtering and Formatting Results

The eval command
Using the search and where commands to filter results
The filnull command

Module 6 - Correlating Events

Identify transactions
Group events using fields
Group events using fields and time
Search with transactions
Report on transactions
Determine when to use transactions vs. stats

Module 7 - Introduction to Knowledge Objects

Identify naming conventions
Review permissions
Manage knowledge objects

Module 8 - Creating and Managing Fields

Perform regex field extractions using the Field Extractor
(FX)
Perform delimiter field extractions using the FX

Module 9 - Creating Field Aliases and Calculated Fields

Describe, create, and use field aliases
Describe, create and use calculated fields

Module 10 - Creating Tags and Event Types

Create and use tags
Describe event types and their uses
Create an event type

Module 11 - Creating and Using Macros

Describe macros
Create and use a basic macro
Define arguments and variables for a macro
Add and use arguments with a macro

Module 12 - Creating and Using Workflow Actions

Describe the function of GET, POST, and Search workflow
actions
Create a GET workflow action
Create a POST workflow action
Create a Search workflow action

Module 13 - Creating Data Models

Describe the relationship between data models and pivot
Identify data model attributes
Create a data model
Use a data model in pivot

Module 14 - Using the Common Information Model (CIM) Add-On

Describe the Splunk CIM
List the knowledge objects included with the Splunk CIM
Add-On
Use the CIM Add-On to normalize data

Splunk Training + Certification