Splunk Power User Fast Start

Listenpreis 4.000,00 € exkl. MwSt.
4.760,00 € inkl. MwSt. Dauer 4 Tage

Leistungen Präsenz

• Schulung im Trainingscenter
• Verpflegung
• Teilnahmebestätigung / Zertifikat

Leistungen bei VCL Training

• Technischer Support
• Online Zugang
• Teilnahmebestätigung / Zertifikat

Ihre Ansprechpartnerin

Manuela Krämer

Leitung
Informationssicherheit

Kontakt/Fragen:
m.kraemer@cbt-training.de
Telefon: +49 (0)89-4576918-12

Seminarinhalte als PDF

• Kursbeschreibung
• Termine
• Unterlagen
• Hinweise
• Dozent
• Prüfung
• Firmenseminar

• Kursbeschreibung
  Inhalte
  Working with Time:
  

  • Module 1 - Searching with Time
    • Understand the _time field and timestamps
    • View and interact with the Event Timeline
    • Use the earliest and latest time modifiers
    • Use the bin command with the _time field

  
  

  • Module 2 - Formatting TIme
    • Use various date and time eval functions to format time

  
  

  • Module 3 - Using Time Commands
    • Use the timechart command
    • Use the timewrap command

  
  

  • Module 4 - Working with Time Zones
    • Understand how time and timezones are represented in your data
    • Determine the time zone of your server
    • Use strftime to correct timezones in results

  
  
  Statistical Processing:
  

  • Module 1 - What is a Data Series
    • Introduce data series
    • Explore the difference between single-series, multi-series, and time series data series

  
  

  • Module 2 - Transforming Data
    • Use the chart, timechart, top, rare, and stats commands to transform events into data tables

  
  

  • Module 3 - Manipulating Data with eval Command
    • Understand dthe eval command
    • Explore and perform calculations using mathematical and statistical eval functions
    • Perform calculations and concatenations on field values
    • Use the eval command as a function with the stats comman

  
  

  • Module 4 - Formatting Data
    • Use the rename command
    • Use the sort command

  
  
  Comparing Values:
  

  • Module 1 - Using eval to Compare
    • Understand the eval command
    • Explain evaluation functions
    • Identify and use comparison and conditional functions
    • Use the fieldformat command to format field values

  
  

  • Module 2 - Filtering with where
    • Use the where command to filter results
    • Use wildcards with the where command
    • Filter fields with the information functions, isnull and isnotnull

  
  
  Result Modification:
  

  • Module 1 - Manipulating Output
    • Convert a 2-D table into a flat table with the untable command
    • Convert a flat table into a 2-D table with the xyseries command

  
  

  • Module 2 - Modifying Result Sets
    • Append data to search results with the appendpipe command
    • Calculate event statistics with the eventstats command
    • alculate "streaming" statistics with the streamstats command
    • Modify values to segregate events with the bin command

  
  

  • Module 3 - Managing Missing Data
    • Find missing and null values with the fillnull command

  
  

  • Module 4 - Modifying Field Values
    • Understand the eval command
    • Use conversion and text eval functions to modify field values
    • Reformat fields with the foreach command

  
  

  • Module 5 - Normalizing with eval
    • Normalize data with eval functions
    • Identify eval functions to use for data and field normalization

  
  Correlation Analysis:
  

  • Module 1 - Calculate Co-Occurrence Between Fields
    • Understand transactions
    • Explore the transaction command

  
  

  • Module 2 - Analyze Multiple Data Sources
    • Understand subsearch
    • Use the append, appendcols, union, and join commands to combine, analyze, and compare multiple data sources
    • Creating Knowledge Objects

  
  

  • Topic 1 - Knowledge Objects & Search-time Operations
    • Understand role of knowledge objects for enriching data
    • Define search-time operation sequence

  
  

  • Topic 2 - Creating Event Types
    • Define event types
    • Create event types using three methods
    • Tag event types
    • Compare event types and reports

  
  

  • Topic 3 - Creating Workflow Actions
    • Identify what are workflow actions
    • Create a GET, POST, and search workflow action
    • Test workflow actions

  
  

  • opic 4 - Creating Tags and Aliases
    • Describe field aliases and tags
    • Create field aliases and tags
    • - Search with field aliases and tags

  
  

  • Topic 5 - Creating Search Macros
    • Explain search macros
    • Create macros with and without arguments
    • Validate macro arguments
    • Use and preview macros at search time
    • Create and use nested macros
    • Use macros with other knowledge objects

  
  

  • Topic 6 - Creating Calculated Fields
    • Explain calculated fields
    • Create a calculated field
    • Use a calculated field in search

  
  
  Creating Field Extractions:
  

  • Module 1 - Using the Field Extractor
    • Understand types of extracted fields and when they are extracted
    • Explore the Splunk Web Field Extractor (FX)

  
  

  • Module 2 - Creating Regex Field Extractions
    • Identify basics of regular expressions (regex)
    • Understand the regex field extraction workflow
    • Edit regex for field extractions

  
  

  • Module 3 - Creating Delimited Field Extractions
    • Identify delimited field values in event data
    • Understand the delimited field extraction workflow

  
  
  Data Models:
  

  • Module 1 - Introducing Data Model Datasets
    • Understand data models
    • Add event, search, and transaction datasets to data models
    • Identify event object hierarchy and constraints
    • Add fields based on eval expressions to transaction datasets

  
  

  • Module 2 - Designing Data Models
    • Create a data model
    • Add root and child datasets to a data model
    • Add fields to data models
    • Test a data model
    • Define permissions for a data model
    • Upload/download a data model for backup and sharing

  
  

  • Module 3 - Creating a Pivot
    • Identify benefits of using Pivot
    • Create and configure a Pivot
    • Visualize a Pivot
    • Save a Pivot
    • Use Instant Pivot

  
  
  Access underlying search for Pivot:
  

  • Module 4 - Accelerating Data Models
    • Understand the difference between ad-hoc and persistent data model acceleration
    • Accelerate a data model
    • Describe the role of tsidx files in data model acceleration
    • Review considerations about data model acceleration

  
  

  ---

  Ziele
  This course is for Splunk Power Users who want to become experts on the following Splunk topics:
  
  Working with Time:
  for power users who want to become experts at using time in searches. Topics will focus on searching and formatting time in addition to using time commands and working with time zones.
  
  Statistical Processing:
  to identify and use transforming commands and eval functions to calculate statistics on their data. Topics will cover data series types, primary transforming commands, mathematical and statistical eval functions, using eval as a function, and the rename and sort commands.
  
  Comparing Values:
  to learn how to compare field values using eval functions and eval expressions. Topics will focus on using the comparison and conditional functions of the eval command, and using eval expressions with the field format and where commands
  
  Result Modification:
  to use commands to manipulate output and normalize data. Topics will focus on specific commands for manipulating fields and field values, modifying result sets, and managing missing data. Additionally, students will learn how to use specific eval command functions to normalize fields and field values across multiple data sources.
  
  Correlation Analysis:
  to learn how to calculate co-occurrence between fields and analyze data from multiple datasets. Topics will focus on the transaction, append, appendcols, union, and join commands.
  
  Creating Knowledge Objects:
  to learn how to create knowledge objects for their search environment using the Splunk web interface. Topics will cover types of knowledge objects, the search-time operation sequence, and the processes for creating event types, workflow actions, tags, aliases, search macros, and calculated fields.
  
  Creating Field Extractions:
  to learn about field extraction and the Field Extractor (FX) utility. Topics will cover when certain fields are extracted and how to use the FX to create regex and delimited field extractions.
  
  Data Models:
  to learn how to create and accelerate data models. Topics will cover datasets, designing data models, using the Pivot editor, and accelerating data models.
  
  Kursinhalt:
  

  • Working with Time
  • Statistical Processing
  • Comparing Values
  • Result Modification
  • Correlation Analysis
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Data Models

  
  

  ---

  Zielgruppe
  
  

  ---

  Voraussetzungen
  Folgende Grundkenntnisse sollten die Teilnehmer haben:
  

  • How Splunk works
  • Creating search queries

  
  
  Voraussetzungen können mit folgenden E-Learnings erworben werden:
  

  • What is Splunk (SSC) : https://www.splunk.com/en_us/training/courses/what-is-splunk.html
  • Intro to Splunk (SSC) : https://www.splunk.com/en_us/training/courses/intro-to-splunk.html
  • Using Fields (SSC) : https://www.splunk.com/en_us/training/courses/using-fields.html
  • Visualizations (SSC) : https://www.splunk.com/en_us/training/courses/visualizations.html
  • Intro to Knowledge Objects (SSC) : https://www.splunk.com/en_us/training/courses/intro-to-knowledge-objects.html
  • Search Under the Hood (SSC) : https://www.splunk.com/en_us/training/courses/search-under-the-hood.html
• Termine

  Datum	Ort	Status	Aktionspreis	Buchen	Angebot
  09.10. – 12.10.2023	Virtual Classroom LIVE
  13.11. – 16.11.2023	Virtual Classroom LIVE

• Unterlagen
  E-BOOK - Die Original-Herstellerunterlage zu diesem Kurs erhalten Sie als digitale Kursunterlage.
  
• Hinweise
  Hinweis:
  HINWEIS: Stellen Sie sicher, dass Sie ein Modul innerhalb von 4 Stunden abschließen, beginnen Sie ein Modul nicht an einem Tag und beenden Sie es am nächsten Tag.
  
  

  • Network Security
  • Data Intelligence AI
  • Cloud
• Dozent
  Im Splunk zertifizierten Trainingscenter führen ausschließlich zertifizierte Trainer Splunk Kurse durch.
  
  Diesen Developer Fast Track führen wir mit unserem zertifizierten Partner der Arrow ECS durch.
• Prüfung
  Certification : Splunk Core Certified Power User
• Firmenseminare

  Firmen- oder Inhouseschulungen finden ausschließlich mit Teilnehmern Ihrer Firma
  in unseren oder Ihren Räumlichkeiten oder als Online LIVE Schulung statt.
  
  Überblick zu den Vorteilen unserer individuellen Firmen- und Inhouseschulungen:

  • Individuelle Zusammenstellung der Themen, gemäß Ihren Anforderungen
  • Maßgeschneidert auf Ihre Ziele
  • Termin und Zeitraum der Firmenschulung bestimmen Sie
  • Schulungsort: Ob bei Ihnen vor Ort, in unseren Trainingsräumen oder als Online LIVE Training – Sie entscheiden
  • Firmenschulungen sind oft kostengünstiger, vor allem bei einer größeren Anzahl von Mitarbeitern
  • Rundum-Service in unseren Räumen, damit sich Ihre Mitarbeiter voll auf den Kurs konzentrieren können

  
  Gerne unterbreiten wir Ihnen ein Angebot.
  Füllen Sie hierfür bitte unser Anfrage-Formular aus oder vereinbaren Sie gleich einen Beratungstermin:
  Telefon +49 89 4576918-40 / E-Mail beratung@cbt-training.de

  Anfrage