
Splunk Searching and reporting 43course


Splunk Education Services

Searching and Reporting with Splunk 5.0

This nine-hour course focuses on Splunk's search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports and charts. Major topics include statistics and reporting, formatting and calculating results, charting commands and options, correlating events, acceleration summaries, enriching data with lookups, and more.

Course Topics
Getting Statistics
Analyzing, Calculating, and Formatting
Creating Charts
Correlating Events
Enriching Data with Lookups
Creating and Using Summaries
Creating and Using Macros

Course Prerequisites
Using Splunk course

Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Objectives

Lesson 1 – Search Fundamentals
Review basic search commands and general search practices
Review fields and use the fields command
Create a table

Lesson 2 – Getting Statistics
Describe the stats command
Display top and rare values for given fields
Use the stats command to create statistical reports

Lesson 3 – Analyzing, Calculating, and Formatting
Understand the eval command
Perform calculations on field values
Convert, round, and format field values
Use conditional statements

Lesson 4 – Creating Charts
Create charts and time charts
Split values into multiple series
Omit null and other values from charts
Apply statistical functions

Lesson 5 – Correlating Events
Identify transactions
Correlate events
Report on transactions

Lesson 6 – Enrich Data with Lookups and Workflow Actions
Create and use a lookup table
Configure automatic and time-based lookups
Add a workflow action: WHOIS lookup

Lesson 7 – Report Acceleration
Creating and using summaries
Searching against summaries

Lesson 8 – Macros
Manage macros
Create and use a basic macro
Define and use arguments and variables for a macro

Splunk Education Tracks

User: For all day-to-day Splunk users including customer support staff, developers, systems administrators and management.

Administrator: For administrators of Splunk itself. (Administrators of other systems who will just be using Splunk should take the User track.)

Architect: For architects who will be designing Splunk deployments, including architects on staff at customer deployments as well as partner professional services personnel.

Developer: For developers who will integrate, customize and extend Splunk using its XML templates and advanced configuration bundling.

Support Engineer: For Splunk OEM and channel partner support staff who will be providing first-line support for Splunk.

Tracks User Administrator Architect Developer Support Engineer

Using Splunk ✓ ✓ ✓ ✓ ✓

Searching and Reporting with Splunk ✓ ✓ ✓ ✓

Administrating Splunk ✓ ✓ ✓

Advanced Splunk Administration ✓ ✓ ✓

Architecting and Deploying Splunk ✓ ✓

Developing Apps with Splunk ✓ ✓ ✓

Splunk Architect Certification Lab ✓

Supporting Splunk

About Splunk

Splunk is software that indexes, manages and enables you to search data from any application, server or network device in real time.

Visit our website at www.splunk.com to download your own free copy.

Splunk Inc. 250 Brannan San Francisco, CA 94107 866.GET.SPLUNK (866.438.7758)