Splunk Power User Fast Start
4.760,00 € incl. VAT. Duration: 4 days
- Training at the training center
- Catering
- Confirmation of participation / certificate
- Technical support
- Online access
- Confirmation of participation / certificate

Manuela Krämer
Head of Information Security
Contact/questions:
m.kraemer@cbt-training.de
Phone: +49 (0)89-4576918-12
Contents
Working with Time
- Module 1 Searching with Time
- Understand the _time field and timestamps
- View and interact with the Event Timeline
- Use the earliest and latest time modifiers
- Use the bin command with the _time field
- Module 2 Formatting Time
- Use various date and time eval functions to format time
- Module 3 Using Time Commands
- Use the timechart command
- Use the timewrap command
- Module 4 Working with Time Zones
- Understand how time and timezones are represented in your data
- Determine the time zone of your server
- Use strftime to correct timezones in results
Statistical Processing
- Module 1 What is a Data Series
- Introduce data series
- Explore the difference between single-series, multi-series, and time series data series
- Module 2 Transforming Data
- Use the chart, timechart, top, rare, and stats commands to transform events into data tables
- Module 3 Manipulating Data with eval Command
- Understand the eval command
- Explore and perform calculations using mathematical and statistical eval functions
- Perform calculations and concatenations on field values
- Use the eval command as a function with the stats command
- Module 4 Formatting Data
- Use the rename command
- Use the sort command
Comparing Values
- Module 1 Using eval to Compare
- Understand the eval command
- Explain evaluation functions
- Identify and use comparison and conditional functions
- Use the fieldformat command to format field values
- Module 2 Filtering with where
- Use the where command to filter results
- Use wildcards with the where command
- Filter fields with the information functions, isnull and isnotnull
Result Modification
- Module 1 Manipulating Output
- Convert a 2-D table into a flat table with the untable command
- Convert a flat table into a 2-D table with the xyseries command
- Module 2 Modifying Result Sets
- Append data to search results with the appendpipe command
- Calculate event statistics with the eventstats command
- Calculate "streaming" statistics with the streamstats command
- Modify values to segregate events with the bin command
- Module 3 Managing Missing Data
- Find missing and null values with the fillnull command
- Module 4 Modifying Field Values
- Understand the eval command
- Use conversion and text eval functions to modify field values
- Reformat fields with the foreach command
- Module 5 Normalizing with eval
- Normalize data with eval functions
- Identify eval functions to use for data and field normalization
Correlation Analysis
- Module 1 Calculate Co-Occurrence Between Fields
- Understand transactions
- Explore the transaction command
- Module 2 Analyze Multiple Data Sources
- Understand subsearch
- Use the append, appendcols, union, and join commands to combine, analyze, and compare multiple data sources
Creating Knowledge Objects
- Topic 1 Knowledge Objects & Search-time Operations
- Understand role of knowledge objects for enriching data
- Define search-time operation sequence
- Topic 2 Creating Event Types
- Define event types
- Create event types using three methods
- Tag event types
- Compare event types and reports
- Topic 3 Creating Workflow Actions
- Identify what workflow actions are
- Create a GET, POST, and search workflow action
- Test workflow actions
- Topic 4 Creating Tags and Aliases
- Describe field aliases and tags
- Create field aliases and tags
- Search with field aliases and tags
- Topic 5 Creating Search Macros
- Explain search macros
- Create macros with and without arguments
- Validate macro arguments
- Use and preview macros at search time
- Create and use nested macros
- Use macros with other knowledge objects
- Topic 6 Creating Calculated Fields
- Explain calculated fields
- Create a calculated field
- Use a calculated field in search
Creating Field Extractions
- Module 1 Using the Field Extractor
- Understand types of extracted fields and when they are extracted
- Explore the Splunk Web Field Extractor (FX)
- Module 2 Creating Regex Field Extractions
- Identify basics of regular expressions (regex)
- Understand the regex field extraction workflow
- Edit regex for field extractions
- Module 3 Creating Delimited Field Extractions
- Identify delimited field values in event data
- Understand the delimited field extraction workflow
Data Models
- Module 1 Introducing Data Model Datasets
- Understand data models
- Add event, search, and transaction datasets to data models
- Identify event object hierarchy and constraints
- Add fields based on eval expressions to transaction datasets
- Module 2 Designing Data Models
- Create a data model
- Add root and child datasets to a data model
- Add fields to data models
- Test a data model
- Define permissions for a data model
- Upload/download a data model for backup and sharing
- Module 3 Creating a Pivot
- Identify benefits of using Pivot
- Create and configure a Pivot
- Visualize a Pivot
- Save a Pivot
- Use Instant Pivot
- Access underlying search for Pivot
- Module 4 Accelerating Data Models
- Understand the difference between ad-hoc and persistent data model acceleration
- Accelerate a data model
- Describe the role of tsidx files in data model acceleration
- Review considerations about data model acceleration
Objectives
Target audience
Prerequisites
Participants should have the following basic knowledge:
- How Splunk works
- Creating search queries
The prerequisites can be acquired through the following e-learning courses:
- What is Splunk (SSC) : https://www.splunk.com/en_us/training/courses/what-is-splunk.html
- Intro to Splunk (SSC) : https://www.splunk.com/en_us/training/courses/intro-to-splunk.html
- Using Fields (SSC) : https://www.splunk.com/en_us/training/courses/using-fields.html
- Visualizations (SSC) : https://www.splunk.com/en_us/training/courses/visualizations.html
- Intro to Knowledge Objects (SSC) : https://www.splunk.com/en_us/training/courses/intro-to-knowledge-objects.html
- Search Under the Hood (SSC) : https://www.splunk.com/en_us/training/courses/search-under-the-hood.html
E-BOOK - You will receive the original vendor courseware for this course as digital course material.
Note:
Make sure you complete a module within 4 hours; do not start a module on one day and finish it the next.
In the Splunk-certified training center, Splunk courses are delivered exclusively by certified trainers.
We run this Developer Fast Track with our certified partner Arrow ECS.
Certification: Splunk Core Certified Power User
Company or in-house training courses are held exclusively with participants from your company, on our premises or yours, or as live online training.
Overview of the advantages of our individual company and in-house training courses:
- Individual selection of topics according to your requirements
- Tailored to your goals
- You determine the date and duration of the company training
- Training location: whether on site at your premises, in our training rooms or as live online training, you decide
- Company training courses are often more cost-effective, especially with a larger number of employees
- All-round service on our premises so that your employees can concentrate fully on the course
We would be happy to make you an offer.
To do so, please fill out our inquiry form or schedule a consultation right away:
Phone +49 89 4576918-40 / Email beratung@cbt-training.de