Searching and Reporting with Splunk
This nine-hour course focuses on Splunk's search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports and charts.
Self-paced eLearning version of this course with live 30-day lab access also available.
Course Topics
- Search Fundamentals
- Transforming Commands
- Deriving Statistics
- Creating Visualizations
- Enriching Visualizations
- Manipulating and Filtering Results
- Correlating Events
Course Prerequisites
Using Splunk
Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at your site.
Course Objectives
Module 1 - Search Fundamentals
- Review basic search commands and general search practices
- Examine the anatomy of a search
- Use the following commands to perform searches:
  - table
  - rename
  - fields
  - dedup
  - sort
Module 2 - Transforming Commands, P1: Deriving Statistics
- Use the following commands and their functions:
  - top
  - rare
  - stats
Module 3 - Transforming Commands, P2: Creating Visualizations
- Data structure requirements
- Create and format basic charts
- Create and format timecharts
Module 4 - Transforming Commands, P3: Enriching Visualizations
- Use the following commands and their functions:
  - trendline
  - iplocation
  - geostats
  - geom
  - single values
  - addtotals
Module 5 - Manipulating and Filtering Results
- Use the following commands and their functions:
  - eval
  - fillnull
  - search
  - where
Module 6 - Correlating Events
- Identify transactions
- Group events using fields
- Group events using fields and time
- Search with transactions
- Report on transactions
- Determine when to use transactions vs. stats