Course Description
This 13-hour course supplements the Splunk Fundamentals 2 class. It focuses on more advanced search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports, and charts. Students are coached step by step through complex searches to produce final results. Major topics include the Splunk search process, using subsearches, additional statistical commands and functions, formatting and calculating results, charting commands and options, correlating events, creating advanced lookups, and searching tsidx files.
Instructor-led Training Schedule
Start Date | Start Time | Time Zone
---|---|---
30-Apr-18 | 09:00 AM | (GMT+10:00) Canberra, Melbourne, Sydney
02-May-18 | 09:00 AM | (GMT-07:00) Arizona
07-May-18 | 09:00 AM | (GMT-07:00) Arizona
14-May-18 | 09:00 AM | (GMT-07:00) Arizona
16-May-18 | 09:00 AM | (GMT+01:00) Brussels, Copenhagen, Madrid, Paris
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Highly recommended: at least 6 months of experience with the Splunk search language
- Beyond Search Fundamentals
- Using Subsearches
- Using Advanced Statistics
- Manipulating and Filtering Data
- Additional Charting Techniques
- Using Advanced Transactions
- Working with Time
- Using Advanced Lookups
- Searching tsidx Files
- Use the proper case in searches
- Describe Splunk’s search process
- Use the search inspector to view search performance
- Use subsearch to provide filtering and other information to a main search
- Learn when to use - and when not to use - subsearches
- Troubleshoot subsearches
- Use statistical functions such as list, max, standard deviation
- Use the appendpipe command
- Use the streamstats and eventstats commands
- Use the following commands and functions:
  - bin
  - xyseries
  - foreach
  - where functions: like, isnull
  - eval functions: strftime, upper, case, replace
- Use the following commands and functions:
  - addtotals
  - untable
  - append and appendcols
- Find events logged before or after a particular event occurs
- Compare complete vs. incomplete transactions
- Analyze transactions
- Use time modifiers
- Search for events using custom time ranges and time windows
- Display and use relative dates
- Use custom time ranges in multiple subsearches
- Include or exclude events based on values in a lookup table
- Build a baseline lookup table and reference its values in alerts
- Use the tstats command to search:
  - Normal index data
  - Data models
  - Data model objects
- tstats vs stats