Creating Knowledge Objects

Upcoming Classes

Online

Instructor-led online training

Location	Apr 2023	May 2023	Jun 2023	Jul 2023	Aug 2023	Sep 2023
AMER Eastern Time - Virtual	Apr 10 Apr 20	May 18	Jun 14
APAC Singapore - Virtual	Apr 13	May 29		Jul 10	Aug 24
AMER Pacific Time - Virtual	Apr 13
APAC Sydney - Virtual	Apr 17	May 25
EMEA UK Time - Virtual	Apr 27		Jun 12	Jul 12		Sep 4
AMER Brazil Time - Virtual (Portuguese)		May 10 May 24		Jul 5	Aug 10 Aug 30	Sep 6
EMEA Greenwhich Mean Time - Virtual		May 11
AMER Eastern Time - Virtual (Spanish)		May 17
Fast Lane Italia - Milano				Jul 11

Summary

This three-hour course is for knowledge managers who want to learn how to create knowledge objects for their search environment using the Splunk web interface. Topics will cover types of knowledge objects, the search-time operation sequence, and the processes for creating event types, workflow actions, tags, aliases, search macros, and calculated fields.

Description

Knowledge Objects and Search-time Operations
Creating Event Types
Using Event Type Builder
Creating Workflow Actions
Creating Tags and Aliases
Creating Serach Macros

Duration

3 hours

Objectives

Topic 1 – Knowledge Objects & Search-time Operations

Understand role of knowledge objects for enriching data
Define search-time operation sequence

Topic 2 – Creating Event Types

Define event types
Create event types using three methods
Tag event types
Compare event types and reports

Topic 3 – Creating Workflow Actions

Identify what are workflow actions
Create a GET, POST, and search workflow action
Test workflow actions

Topic 4 – Creating Tags and Aliases

Describe field aliases and tags
Create field aliases and tags
Search with field aliases and tags

Topic 5 – Creating Search Macros

Explain search macros
Create macros with and without arguments
Validate macro arguments
Use and preview macros at search time
Create and use nested macros
Use macros with other knowledge objects

Topic 6 – Creating Calculated Fields

Explain calculated fields
Create a calculated field
Use a calculated field in search

Audience

Knowledge Managers

Prerequisites

To be successful, students should have a solid understanding of the following:

How Splunk works
Knowledge Objects

Additional Notes

Individuals who enroll in this class will also be enrolled in an (eLearning with Labs) component. Completion of labs and quizzes is required in order to receive proof of completion.

Public Training

AMER Eastern Time - Virtual

Apr 10

9:00 AM - 12:00 PM EDT

$ 500.00 USD
Apr 20

1:00 PM - 4:00 PM EDT

$ 500.00 USD
May 18

1:00 PM - 4:00 PM EDT

$ 500.00 USD
Jun 14

1:00 PM - 4:00 PM EDT

$ 500.00 USD

APAC Singapore - Virtual

Apr 13

9:00 AM - 12:00 PM SGT

$ 500.00 USD
May 29

9:00 AM - 12:00 PM SGT

$ 500.00 USD
Jul 10

9:00 AM - 12:00 PM SGT

$ 500.00 USD
Aug 24

9:00 AM - 12:00 PM SGT

$ 500.00 USD

AMER Pacific Time - Virtual

Apr 13

1:00 PM - 4:00 PM PDT

$ 500.00 USD

APAC Sydney - Virtual

Apr 17

9:00 AM - 12:00 PM AEST

$ 500.00 USD
May 25

9:00 AM - 12:00 PM AEST

$ 500.00 USD

EMEA UK Time - Virtual

Apr 27

9:00 AM - 12:00 PM BST

$ 500.00 USD
Jun 12

9:00 AM - 12:00 PM BST

$ 500.00 USD
Jul 12

9:00 AM - 12:00 PM BST

$ 500.00 USD
Sep 4

9:00 AM - 12:00 PM BST

$ 500.00 USD

AMER Brazil Time - Virtual (Portuguese)

May 10

9:00 AM - 12:00 PM BRT

$ 500.00 USD
May 24

9:00 AM - 12:00 PM BRT

$ 500.00 USD
Jul 5

9:00 AM - 12:00 PM BRT

$ 500.00 USD
Aug 10

9:00 AM - 12:00 PM BRT

$ 500.00 USD
Aug 30

9:00 AM - 12:00 PM BRT

$ 500.00 USD
Sep 6

9:00 AM - 12:00 PM BRT

$ 500.00 USD

EMEA Greenwhich Mean Time - Virtual

May 11

1:00 PM - 4:00 PM BST

$ 500.00 USD

AMER Eastern Time - Virtual (Spanish)

May 17

1:00 PM - 4:00 PM EDT

$ 500.00 USD

Fast Lane Italia - Milano

Jul 11

2:00 PM - 5:00 PM CEST

$ 500.00 USD

Don't see a date that works for you?

Request Class

Creating Knowledge Objects

Creating Knowledge Objects