Creating Knowledge Objects

Creating Knowledge Objects

Creating Knowledge Objects

Upcoming Classes

Online

Instructor-led online training

Location Jan 2022 Feb 2022 Mar 2022 Apr 2022 May 2022 Jun 2022 Jul 2022
AMER Pacific Time - Virtual Feb 7
 Mar 9
 Apr 6
EMEA UK Time - Virtual Feb 10
 Mar 3
Mar 24
 Apr 14
AMER Eastern Time - Virtual Feb 16
Feb 23
 Mar 16
 Apr 13
Apr 20
APAC Singapore - Virtual Feb 21

Summary

This three-hour course is for knowledge managers who want to learn how to create knowledge objects for their search environment using the Splunk web interface. Topics will cover types of knowledge objects, the search-time operation sequence, and the processes for creating event types, workflow actions, tags, aliases, search macros, and calculated fields.

Description

  • Knowledge Objects and Search-time Operations
  • Creating Event Types
  • Using Event Type Builder
  • Creating Workflow Actions
  • Creating Tags and Aliases
  • Creating Serach Macros

 

Duration

3 hours

Objectives

Topic 1 – Knowledge Objects & Search-time Operations

  • Understand role of knowledge objects for enriching data
  • Define search-time operation sequence

Topic 2 – Creating Event Types

  • Define event types
  • Create event types using three methods
  • Tag event types
  • Compare event types and reports

Topic 3 – Creating Workflow Actions

  • Identify what are workflow actions
  • Create a GET, POST, and search workflow action
  • Test workflow actions

Topic 4 – Creating Tags and Aliases

  • Describe field aliases and tags
  • Create field aliases and tags
  • Search with field aliases and tags

Topic 5 – Creating Search Macros

  • Explain search macros
  • Create macros with and without arguments
  • Validate macro arguments
  • Use and preview macros at search time
  • Create and use nested macros
  • Use macros with other knowledge objects

Topic 6 – Creating Calculated Fields

  • Explain calculated fields
  • Create a calculated field
  • Use a calculated field in search

Audience

Knowledge Managers

Prerequisites

To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Knowledge Objects

 

Additional Notes

Individuals who enroll in this class will also be enrolled in an (eLearning with Labs) component. Completion of labs and quizzes is required in order to receive proof of completion.

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Pacific Time - Virtual

  • Confirmed
    9:00 AM - 12:00 PM PST
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM PST
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM PDT
    $ 500.00 USD

EMEA UK Time - Virtual

  • Confirmed
    9:00 AM - 12:00 PM GMT
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM GMT
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM GMT
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM BST
    $ 500.00 USD

AMER Eastern Time - Virtual

  • Confirmed
    9:00 AM - 12:00 PM EST
    $ 500.00 USD
  • Confirmed
    2:00 PM - 5:00 PM EST
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM EDT
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM EDT
    $ 500.00 USD
  • Confirmed
    2:00 PM - 5:00 PM EDT
    $ 500.00 USD

APAC Singapore - Virtual

  • Confirmed
    9:00 AM - 12:00 PM SGT
    $ 500.00 USD

Don't see a date that works for you?

Request Class

© 2005- Splunk Inc. All rights reserved.
Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © Splunk Inc. All rights reserved.