Skip to main content

Splunk Training + Certification

Splunk Fundamentals 3

Course Description

This course focuses on additional search commands as well as advanced use of knowledge objects. Major topics include advanced statistics and eval commands, advanced lookup topics, advanced alert actions, using regex and erex to extract fields, using spath to work with self-referencing data, creating nested macros and macros with event types, and accelerating reports and data models.

Download Course Description

Instructor-led Training Schedule

View Schedule
Instructor-on-demand

Have 30 day access to content, labs, live chat, and a 20-minute scheduled session with an instructor.

Register

Course Prerequisites

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

Course Topics

  • Advanced Statistical Commands
  • Advanced eval Commands
  • Advanced Lookups
  • Alert Actions
  • Advanced Field Creation and Management
  • Working with Self-Describing Data and Files
  • Advanced Macros
  • Using Acceleration Options

Course Objectives
 

Module 1 – Exploring Statistical Commands
  • Performing statistical analysis with functions of the stat
  • Using field summary
  • Using appendpipe
  • Using eventstats
  • Using streamstats
 
Module 2 – Exploring eval Command Functions
  • Using conversion functions
  • Using data and time functions
  • Using string functions
  • Using comparison and conditional functions
  • Using informational functions
  • Using statistical functions
  • Using mathematical functions
  • Using cryptographic functions
 
Module 3 – Exploring Lookups
  • Including and excluding events based on lookup values
  • Using KV Store lookups
  • Using external lookups
  • Using geospatial lookups
  • Using database lookups
  • Understanding best practices for lookups
 
Module 4 – Exploring Alerts
  • Referencing lookups in alerts
  • Outputting alert results to a lookup
  • Logging and indexing searchable alert events
  • Using a webhook alert action
 
Module 5 – Advanced Field Creation and Management
  • Using regex
  • Using the erex command
  • Using the rex command
  • Identifying regex best practices
 
Module 6 – Working with Self-Describing Data and Files
  • Using the spath command
  • Using the eval command with the spath function
  • Extracting fields from table-formatted events with multikv
 
Module 7 – Advanced Search Macros
  • Using nested search macros
  • Previewing search macros before executing
  • Using tags and event types in search macros
 
Module 8 – Using Acceleration Options: Reports and Summary Indexing
  • Using report acceleration
  • Using summary indexing
 
Module 9 – Using Acceleration Options: Data Models and tsidx Files
  • Exploring data models using the datamodel command
  • Using data model acceleration
  • Working with tsidx files using the tstats command
PLATFORM
PLATFORM
SECURITY
SECURITY
IT OPERATIONS & DEVOPS
IT OPERATIONS & DEVOPS
SOLUTIONS BY INITIATIVE
SOLUTIONS BY INITIATIVE
SOLUTIONS BY FUNCTION
SOLUTIONS BY FUNCTION
SOLUTIONS BY INDUSTRY
SOLUTIONS BY INDUSTRY
WHY SPLUNK?
WHY SPLUNK?
SUPPORT
SUPPORT
RESOURCES
RESOURCES
FOR DEVELOPERS
FOR DEVELOPERS
COMPANY
COMPANY
SPLUNK SITES
SPLUNK SITES
Sitemap
Privacy
Website Terms of Use
Splunk Licensing Terms
Export Control
Modern Slavery Statement
Splunk Patents

© 2005-2021 Splunk Inc. All rights reserved.

Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.