Embed Size (px)
Citation preview
Splunk Education Services
Advanced Searching and Reporting with Splunk 5.0 This nine-hour course supplements the Searching and Reporting with Splunk class. It focuses on more advanced search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports, and charts. Students are coached step by step through complex searches to produce final results. Major topics include the Splunk search process, using sub-searches, using additional statistical commands and functions, formatting and calculating results, charting commands and options, correlating events, enriching data with lookups, and more.
Course Topics Beyond Search Fundamentals Using Sub-searches Using Advanced Statistics, Data Manipulation, & Filtering Using Advanced Charting Sorting, Searching and Reformatting Time Using Advanced Transactions Using Advanced Lookups
Course Prerequisites Using Splunk and Searching and Reporting with Splunk courses
Class Format Instructor-led lecture with labs. Delivered via virtual classroom or at your site. Course Objectives Lesson 1 – Beyond Search Fundamentals Using the proper case in searches Describing Splunk’s search process Using the search inspector to view search performance Using the search inspector to troubleshoot searches
Lesson 2 – Using Sub-Searches Using sub-searches to correlate data Finding events that match values from a sub-search Finding events that do not match values from a sub-search
Lesson 3 – Using Advanced Statistics Using the appendpipe command Using statistical functions such as min, max, mean, median, and
standard deviation Using the streamstats command Using the eventstats command
Lesson 4 – Using Data Manipulation, and Filtering Using functions of the where command Using functions of the eval command
Lesson 5– Using Advanced Charting Using the addtotals command Using the rangemap command Using the append command
Lesson 6 – Sorting, Searching, and Reformatting Time Using time modifiers Searching for events using custom time ranges Searching for events within a window of time Displaying and use using relative dates Using custom time ranges in multiple sub-searches
Lesson 7 – Using Advanced Transactions Finding events logged before a particular event occurs Finding events logged after a particular event occurs Comparing complete transactions Analyzing transactions
Lesson 8 – Using Advanced Lookups Using lookup tables to include or exclude events Using time-based lookups Configuring time-based lookups Using lookups in alerts
Splunk Education Tracks User: For all day-to-day Splunk users including customer support staff, developers, systems administrators and management.
Administrator: For administrators of Splunk itself. (Administrators of other systems who will just be using Splunk should take the User track.)
Architect: For architects who will be designing Splunk deployments, including architects on staff at customer deployments, as well as partner professional services personnel.
Developer: For developers who will integrate, customize and extend Splunk using its XML templates and advanced configuration bundling.
Support Engineer: For Splunk OEM and channel partner support staff who will be providing first line support for Splunk.
Tracks User Administrator Architect Developer Support Engineer
Using Splunk ✓ ✓ ✓ ✓ ✓ Searching and Reporting with Splunk ✓ ✓ ✓ ✓
Advanced Searching and Reporting with Splunk
✓ ✓ ✓ ✓
Administrating Splunk ✓ ✓ ✓
Advanced Splunk Administration ✓ ✓ ✓ Architecting and Deploying Splunk ✓ ✓ Developing Apps with Splunk ✓ ✓ ✓ Splunk Architect Certification Lab ✓ Supporting Splunk ✓
Splunk Education Services
About Splunk Splunk is software that indexes, manages and enables you to search data from any application, server or network device in real time.
Visit our website at www.splunk.com to download your own free copy.
Splunk Inc. 250 Brannan San Francisco, CA 94107 866.GET.SPLUNK (866.438.7758) [email protected] [email protected]
