Splunk Search Expert Fast Start

Splunk Search Expert Fast Start

Splunk Search Expert Fast Start

Upcoming Classes

Online

Instructor-led online training

Location Feb 2023 Mar 2023 Apr 2023 May 2023 Jun 2023 Jul 2023 Aug 2023
AMER Eastern Time - Virtual Feb 8 – Feb 10
Feb 22 – Feb 24
 Mar 1 – Mar 3
Mar 29 – Mar 31
 Apr 19 – Apr 21
APAC Singapore - Virtual Feb 13 – Feb 15
 Mar 20 – Mar 22
 May 1 – May 3
AMER Pacific Time - Virtual Feb 15 – Feb 17
 Mar 8 – Mar 10
 Apr 5 – Apr 7
Apr 26 – Apr 28
EMEA UK Time - Virtual Mar 6 – Mar 8
 Apr 17 – Apr 19
AMER Central Time - Virtual Mar 29 – Mar 31

Summary

This "Fast Start" course covers over 60 commands and functions and prepares students to be search experts. Students will learn how to effectively utilize time in searches, work with different time zones, use transforming commands and eval functions to calculate statistics, compare field values with eval functions and eval expressions, manipulate output, normalize fields and field values, use lookups and subsearches to enrich results, and correlate and filter data from multiple sources.

This class will take place over three 6-hour days (plus a 1-hour break each day)

Description

  • Working with Time
  • Statistical Processing
  • Comparing Values
  • Result Modification
  • Leveraging Lookups and Subsearches
  • Correlation Analysis

 

Duration

3 Days

Objectives

Topic 1 – Working with Time

  • Searching with Time
  • Formatting Time
  • Comparing index Time versus Search Time
  • Using Time Commands
  • Working with Time Zones

Topic 2 – Statistical Processing

  • What is a Data Series?
  • Transforming Data
  • Manipulating Data with eval
  • Formatting Data

Topic 3 – Comparing Values

  • Using eval to Compare
  • Filtering with where

Topic 4 – Result Modification

  • Manipulating Output
  • Modifying REsults Sets
  • Managing Missing Data
  • Modifying Field Values
  • Normalizing with eval

Topic 5 – Leveraging Lookups and Subsearches

  • Using Lookup Commands
  • Adding a Subsearch
  • Using the return Command

Topic 6 - Correlation Analysis

  • Caclulate Co-Occurance Between Fields
  • Analyze Multiple Datasets

Prerequisites

To be successful, students should have a solid understanding of the following:

  • How Splunk Works
  • Creating Search queries
  • Knowledge objects (specifically reports, lookups, and fields)

OR have taken the following:

  • Foundation Fast Start OR
  • What is Splunk, Intro to Splunk and Using Fields

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Eastern Time - Virtual

APAC Singapore - Virtual

AMER Pacific Time - Virtual

EMEA UK Time - Virtual

AMER Central Time - Virtual


Don't see a date that works for you?

Request Class

Sitemap
Privacy
Website Terms of Use
Splunk Licensing Terms
Export Control
Modern Slavery Statement
Splunk Patents

© 2005- Splunk Inc. All rights reserved.

Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.