Splunk Power User Fast Start
Inhalte
Working with Time:
Statistical Processing:
Comparing Values:
Result Modification:
Correlation Analysis:
Creating Field Extractions:
Data Models:
Access underlying search for Pivot:
- Module 1 - Searching with Time
- Understand the _time field and timestamps
- View and interact with the Event Timeline
- Use the earliest and latest time modifiers
- Use the bin command with the _time field
- Module 2 - Formatting TIme
- Use various date and time eval functions to format time
- Module 3 - Using Time Commands
- Use the timechart command
- Use the timewrap command
- Module 4 - Working with Time Zones
- Understand how time and timezones are represented in your data
- Determine the time zone of your server
- Use strftime to correct timezones in results
Statistical Processing:
- Module 1 - What is a Data Series
- Introduce data series
- Explore the difference between single-series, multi-series, and time series data series
- Module 2 - Transforming Data
- Use the chart, timechart, top, rare, and stats commands to transform events into data tables
- Module 3 - Manipulating Data with eval Command
- Understand dthe eval command
- Explore and perform calculations using mathematical and statistical eval functions
- Perform calculations and concatenations on field values
- Use the eval command as a function with the stats comman
- Module 4 - Formatting Data
- Use the rename command
- Use the sort command
Comparing Values:
- Module 1 - Using eval to Compare
- Understand the eval command
- Explain evaluation functions
- Identify and use comparison and conditional functions
- Use the fieldformat command to format field values
- Module 2 - Filtering with where
- Use the where command to filter results
- Use wildcards with the where command
- Filter fields with the information functions, isnull and isnotnull
Result Modification:
- Module 1 - Manipulating Output
- Convert a 2-D table into a flat table with the untable command
- Convert a flat table into a 2-D table with the xyseries command
- Module 2 - Modifying Result Sets
- Append data to search results with the appendpipe command
- Calculate event statistics with the eventstats command
- alculate "streaming" statistics with the streamstats command
- Modify values to segregate events with the bin command
- Module 3 - Managing Missing Data
- Find missing and null values with the fillnull command
- Module 4 - Modifying Field Values
- Understand the eval command
- Use conversion and text eval functions to modify field values
- Reformat fields with the foreach command
- Module 5 - Normalizing with eval
- Normalize data with eval functions
- Identify eval functions to use for data and field normalization
Correlation Analysis:
- Module 1 - Calculate Co-Occurrence Between Fields
- Understand transactions
- Explore the transaction command
- Module 2 - Analyze Multiple Data Sources
- Understand subsearch
- Use the append, appendcols, union, and join commands to combine, analyze, and compare multiple data sources
- Creating Knowledge Objects
- Topic 1 - Knowledge Objects & Search-time Operations
- Understand role of knowledge objects for enriching data
- Define search-time operation sequence
- Topic 2 - Creating Event Types
- Define event types
- Create event types using three methods
- Tag event types
- Compare event types and reports
- Topic 3 - Creating Workflow Actions
- Identify what are workflow actions
- Create a GET, POST, and search workflow action
- Test workflow actions
- opic 4 - Creating Tags and Aliases
- Describe field aliases and tags
- Create field aliases and tags
- - Search with field aliases and tags
- Topic 5 - Creating Search Macros
- Explain search macros
- Create macros with and without arguments
- Validate macro arguments
- Use and preview macros at search time
- Create and use nested macros
- Use macros with other knowledge objects
- Topic 6 - Creating Calculated Fields
- Explain calculated fields
- Create a calculated field
- Use a calculated field in search
Creating Field Extractions:
- Module 1 - Using the Field Extractor
- Understand types of extracted fields and when they are extracted
- Explore the Splunk Web Field Extractor (FX)
- Module 2 - Creating Regex Field Extractions
- Identify basics of regular expressions (regex)
- Understand the regex field extraction workflow
- Edit regex for field extractions
- Module 3 - Creating Delimited Field Extractions
- Identify delimited field values in event data
- Understand the delimited field extraction workflow
Data Models:
- Module 1 - Introducing Data Model Datasets
- Understand data models
- Add event, search, and transaction datasets to data models
- Identify event object hierarchy and constraints
- Add fields based on eval expressions to transaction datasets
- Module 2 - Designing Data Models
- Create a data model
- Add root and child datasets to a data model
- Add fields to data models
- Test a data model
- Define permissions for a data model
- Upload/download a data model for backup and sharing
- Module 3 - Creating a Pivot
- Identify benefits of using Pivot
- Create and configure a Pivot
- Visualize a Pivot
- Save a Pivot
- Use Instant Pivot
Access underlying search for Pivot:
- Module 4 - Accelerating Data Models
- Understand the difference between ad-hoc and persistent data model acceleration
- Accelerate a data model
- Describe the role of tsidx files in data model acceleration
- Review considerations about data model acceleration
Ziele
This course is for Splunk Power Users who want to become experts on the following Splunk topics:
Working with Time:
for power users who want to become experts at using time in searches. Topics will focus on searching and formatting time in addition to using time commands and working with time zones.
Statistical Processing:
to identify and use transforming commands and eval functions to calculate statistics on their data. Topics will cover data series types, primary transforming commands, mathematical and statistical eval functions, using eval as a function, and the rename and sort commands.
Comparing Values:
to learn how to compare field values using eval functions and eval expressions. Topics will focus on using the comparison and conditional functions of the eval command, and using eval expressions with the field format and where commands
Result Modification:
to use commands to manipulate output and normalize data. Topics will focus on specific commands for manipulating fields and field values, modifying result sets, and managing missing data. Additionally, students will learn how to use specific eval command functions to normalize fields and field values across multiple data sources.
Correlation Analysis:
to learn how to calculate co-occurrence between fields and analyze data from multiple datasets. Topics will focus on the transaction, append, appendcols, union, and join commands.
Creating Knowledge Objects:
to learn how to create knowledge objects for their search environment using the Splunk web interface. Topics will cover types of knowledge objects, the search-time operation sequence, and the processes for creating event types, workflow actions, tags, aliases, search macros, and calculated fields.
Creating Field Extractions:
to learn about field extraction and the Field Extractor (FX) utility. Topics will cover when certain fields are extracted and how to use the FX to create regex and delimited field extractions.
Data Models:
to learn how to create and accelerate data models. Topics will cover datasets, designing data models, using the Pivot editor, and accelerating data models.
Kursinhalt:
Working with Time:
for power users who want to become experts at using time in searches. Topics will focus on searching and formatting time in addition to using time commands and working with time zones.
Statistical Processing:
to identify and use transforming commands and eval functions to calculate statistics on their data. Topics will cover data series types, primary transforming commands, mathematical and statistical eval functions, using eval as a function, and the rename and sort commands.
Comparing Values:
to learn how to compare field values using eval functions and eval expressions. Topics will focus on using the comparison and conditional functions of the eval command, and using eval expressions with the field format and where commands
Result Modification:
to use commands to manipulate output and normalize data. Topics will focus on specific commands for manipulating fields and field values, modifying result sets, and managing missing data. Additionally, students will learn how to use specific eval command functions to normalize fields and field values across multiple data sources.
Correlation Analysis:
to learn how to calculate co-occurrence between fields and analyze data from multiple datasets. Topics will focus on the transaction, append, appendcols, union, and join commands.
Creating Knowledge Objects:
to learn how to create knowledge objects for their search environment using the Splunk web interface. Topics will cover types of knowledge objects, the search-time operation sequence, and the processes for creating event types, workflow actions, tags, aliases, search macros, and calculated fields.
Creating Field Extractions:
to learn about field extraction and the Field Extractor (FX) utility. Topics will cover when certain fields are extracted and how to use the FX to create regex and delimited field extractions.
Data Models:
to learn how to create and accelerate data models. Topics will cover datasets, designing data models, using the Pivot editor, and accelerating data models.
Kursinhalt:
- Working with Time
- Statistical Processing
- Comparing Values
- Result Modification
- Correlation Analysis
- Creating Knowledge Objects
- Creating Field Extractions
- Data Models
Zielgruppe
Voraussetzungen
Folgende Grundkenntnisse sollten die Teilnehmer haben:
Voraussetzungen können mit folgenden E-Learnings erworben werden:
- How Splunk works
- Creating search queries
Voraussetzungen können mit folgenden E-Learnings erworben werden:
- What is Splunk (SSC) : https://www.splunk.com/en_us/training/courses/what-is-splunk.html
- Intro to Splunk (SSC) : https://www.splunk.com/en_us/training/courses/intro-to-splunk.html
- Using Fields (SSC) : https://www.splunk.com/en_us/training/courses/using-fields.html
- Visualizations (SSC) : https://www.splunk.com/en_us/training/courses/visualizations.html
- Intro to Knowledge Objects (SSC) : https://www.splunk.com/en_us/training/courses/intro-to-knowledge-objects.html
- Search Under the Hood (SSC) : https://www.splunk.com/en_us/training/courses/search-under-the-hood.html
Unterlagen
E-BOOK - Die Original-Herstellerunterlage zu diesem Kurs erhalten Sie als digitale Kursunterlage.
Hinweise
Hinweis:
HINWEIS: Stellen Sie sicher, dass Sie ein Modul innerhalb von 4 Stunden abschließen, beginnen Sie ein Modul nicht an einem Tag und beenden Sie es am nächsten Tag.
HINWEIS: Stellen Sie sicher, dass Sie ein Modul innerhalb von 4 Stunden abschließen, beginnen Sie ein Modul nicht an einem Tag und beenden Sie es am nächsten Tag.
- Network Security
- Data Intelligence AI
- Cloud
Dozent
Im Splunk zertifizierten Trainingscenter führen ausschließlich zertifizierte Trainer Splunk Kurse durch.
Diesen Developer Fast Track führen wir mit unserem zertifizierten Partner der Arrow ECS durch.
Diesen Developer Fast Track führen wir mit unserem zertifizierten Partner der Arrow ECS durch.
Prüfung
Certification : Splunk Core Certified Power User
Preise
Kursgebühr
4.000,00 € exkl. MwSt.
4.760,00 € inkl. MwSt. Kursdauer 4 Tage
Termine & Buchung & Angebot
22. – 25.04.2025
Virtual Classroom LIVE
22. – 25.04.2025
München
19. – 22.05.2025
Virtual Classroom LIVE
23. – 26.06.2025
Virtual Classroom LIVE
21. – 24.07.2025
Virtual Classroom LIVE
Ihre Ansprechpartnerin
Gabriela Bücherl
Geschäftsführung
Vertrieb
Kontakt/Fragen:
beratung@cbt-training.de
Telefon: +49 (0)89-4576918-16
Anfrage für ein Firmenseminar
- Individuelle Zusammenstellung der Themen
- Maßgeschneidert auf Ihre Ziele
- Inhouse oder als Virtual Classroom LIVE Training
Leistungen Präsenz
- Schulung im Trainingscenter
- Verpflegung
- Teilnahmebestätigung / Zertifikat
Leistungen bei VCL Training
- Technischer Support
- Online Zugang
- Teilnahmebestätigung / Zertifikat