Searching and Reporting with Splunk
This nine-hour follow-on to the Using Splunk class focuses on Splunk's search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports and charts. Major topics include statistics and reporting, formatting and calculating results, charting commands and options, correlating events, creating summaries, enriching data with lookups, and more.
View US schedule » View EUR schedule » View AUS schedule »
Course Topics
- Getting Statistics
- Analyzing, Calculating, and Formatting
- Creating Charts
- Correlating Events
- Enriching Data with Lookups
- Summary Indexing
- Creating and Using Macros
Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at your site.
Prerequisites
Using Splunk
Course Objectives
Lesson 1 - Search Fundamentals
- Examine the anatomy of a search
- Understand search language syntax concepts
- Review fields and use the fields command
- Create a table
- Examine multi-value fields
Lesson 2 - Getting Statistics
- Understand the stats command
- Display top and rare values for given fields
- Use the stats command to create statistical reports
Lesson 3 - Formatting and Calculating
- Understand the eval command
- Perform calculations on field values
- Convert, round, and format field values
- Use conditional statements
Lesson 4 - Charting
- Create charts and time charts
- Split values into multiple series
- Omit null and other values from charts
- Apply statistical functions
Lesson 5 - Correlating Events
- Identify transactions
- Correlate events
- Report on transactions
Lesson 6 - Enrich Data with Lookups
- Create a lookup table
- Define a lookup
- Configure automatic and time-based lookups
Lesson 7 - Creating Summaries
- Define summaries
- Populate and run searches against a summary
Lesson 8 - Macros
- Manage macros
- Create and use a basic macro
- Define and use arguments and variables for a macro