- Free Courses
-
Learning Paths
- Courses for Users
- Courses for Splunk Administrators
- Courses for Splunk Cloud Customers
-
Courses for Splunk Architects
- Overview
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Advanced Dashboards and Visualizations
- Architecting Splunk Enterprise Deployments
- Courses for App Developers
- Courses for Enterprise Security Administrators
- Courses for Enterprise Security End-Users
- Courses for IT Service Intelligence Administrators
- Courses for IT Service Intelligence End-Users
- Courses for Phantom Customers
- Certification Tracks
-
Courses
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Creating Dashboards with Splunk
- Advanced Dashboards and Visualizations
- Building Splunk Apps
- Splunk for Analytics and Data Science
- Splunk Infrastructure Overview
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Cloud Administration
- Architecting Splunk Enterprise Deployments
- Splunk Enterprise Practical Lab
- Developing with Splunk's REST API
- Administering Splunk Enterprise Security
- Using Splunk Enterprise Security
- Implementing Splunk IT Service Intelligence
- Using Splunk IT Service Intelligence
- Splunk User Behavior Analytics
- Introduction to Phantom
- Developing Phantom Playbooks
-
Videos
- All Videos
- Splunk Cloud Tutorial
- Installing Splunk Enterprise 6 on Linux
- Installing Splunk Enterprise 6 on Windows
- Getting Data In to Splunk Enterprise (Linux)
- Getting Data In (Windows)
- Getting Data In with Forwarders
- Basic Search in Splunk Enterprise 6.3
- Create a Dashboard in Splunk Enterprise
- Using the Splunk MINT SDK for Android
- Using the Splunk MINT SDK for iOS
- Basic Search in Splunk Light
- Create Reports in Splunk Light
- Create Dashboards in Splunk Light
- Create Alerts in Splunk Light
- Splunk Certification Candidate Journey
-
- Certification Exams
- Program Guide + FAQ
- Download Fact Sheet
Course Description
This course focuses on additional search commands as well as advanced use of knowledge objects. Major topics include advanced statistics and eval commands, advanced lookup topics, advanced alert actions, using regex and erex to extract fields, using spath to work with self-referencing data, creating nested macros and macros with event types, and accelerating reports and data models.
Instructor-led Training Schedule
Splunk Fundamentals 1
Splunk Fundamentals 2
- Advanced Statistical Commands
- Advanced eval Commands
- Advanced Lookups
- Alert Actions
- Advanced Field Creation and Management
- Working with Self-Describing Data and Files
- Advanced Macros
- Using Acceleration Options
- Performing statistical analysis with functions of the stat
- command
- Using fieldsummary
- Using appendpipe
- Using eventstats
- Using streamstats
- Using conversion functions
- Using data and time functions
- Using string functions
- Using comparison and conditional functions
- Using informational functions
- Using statistical functions
- Using mathematical functions
- Using cryptographic functions
- Including and excluding events based on lookup values
- Using KV Store lookups
- Using external lookups
- Using geospatial lookups
- Using database lookups
- Understanding best practices for lookups
- Referencing lookups in alerts
- Outputting alert results to a lookup
- Logging and indexing searchable alert events
- Using a webhook alert action
- Using regex
- Using the erex command
- Using the rex command
- Identifying regex best practices
- Using the spath command
- Using the eval command with the spath function
- Extracting fields from table-formatted events with multikv
- Using nested search macros
- Previewing search macros before executing
- Using tags and event types in search macros
Indexing
- Using report acceleration
- Using summary indexing
Files
- Exploring data models using the datamodel command
- Using data model acceleration
- Working with tsidx files using the tstats command