This nine-hour Splunk course focuses on search and reporting commands. Through scenario-based examples and hands-on challenges, students will learn to create robust searches, reports, and charts. Major topics include statistics and reporting, formatting and calculating results, charting commands, correlating events, enrichment with lookups, and summaries. The course assumes students have taken the prerequisite Using Splunk course and will be taught through instructor-led lectures and labs either virtually or on-site.
Splunk Searching and Reporting Class Details
Splunk Education Services
Searching and Reporting with Splunk 5.0
This nine-hour course focuses on Splunk's search and reporting
commands. Scenario-based examples and hands-on challenges
enable users to create robust searches, reports and charts. Major
topics include statistics and reporting, formatting and calculating
results, charting commands and options, correlating events,
acceleration summaries, enriching data with lookups, and more.
Course Topics
Getting Statistics
Analyzing, Calculating, and Formatting
Creating Charts
Correlating Events
Enriching Data with Lookups
Creating and Using Summaries
Creating and Using Macros
Course Prerequisites
Using Splunk course
Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at
your site.
Course Objectives
Lesson 1 – Search Fundamentals
Review basic search commands and general search practices
Review fields and use the fields command
Create a table
Lesson 2 – Getting Statistics
Describe the stats command
Display top and rare values for given fields
Use the stats command to create statistical reports
Lesson 3 – Analyzing, Calculating, and Formatting
Understand the eval command
Perform calculations on field values
Convert, round, and format field values
Use conditional statements
Lesson 4 – Creating Charts
Create charts and time charts
Split values into multiple series
Omit null and other values from charts
Apply statistical functions
Lesson 5 – Correlating Events
Identify transactions
Correlate events
Report on transactions
Lesson 6 – Enrich Data with Lookups and Workflow Actions
Create and use a lookup table
Configure automatic and time-based lookups
Add a workflow action: WHOIS lookup
Lesson 7 – Report Acceleration
Creating and using summaries
Searching against summaries
Lesson 8 – Macros
Manage macros
Create and use a basic macro
Define and use arguments and variables for a macro
Splunk Education Tracks
User: For all day-to-day Splunk users including customer support
staff, developers, systems administrators and management.
Administrator: For administrators of Splunk itself. (Administrators
of other systems who will just be using Splunk should take the User
track.)
Architect: For architects who will be designing Splunk
deployments, including architects on staff at customer deployments
as well as partner professional services personnel.
Developer: For developers who will integrate, customize and
extend Splunk using its XML templates and advanced configuration
bundling.
Support Engineer: For Splunk OEM and channel partner support
staff who will be providing first line support for Splunk.
Tracks User Administrator Architect Developer Support Engineer
Using Splunk ✓ ✓ ✓ ✓ ✓
Searching and Reporting with Splunk ✓ ✓ ✓ ✓
Administrating Splunk ✓ ✓ ✓
Advanced Splunk Administration ✓ ✓ ✓
Architecting and Deploying Splunk ✓ ✓
Developing Apps with Splunk ✓ ✓ ✓
Splunk Architect Certification Lab ✓
Supporting Splunk ✓
About Splunk
Splunk is software that indexes,
manages and enables you to search
data from any application, server or
network device in real time.
Visit our website at www.splunk.com
to download your own free copy.
Splunk Inc.
250 Brannan
San Francisco, CA 94107
866.GET.SPLUNK
(866.438.7758)
sales@splunk.com
support@splunk.com