Working with Metrics in Splunk 8.0.1

Working with Metrics in Splunk 8.0.1

Summary

This nine hour course provides Splunk users in-depth information about metrics, ingesting and searching metrics data, and how to use the Analytics Workspace to analyze and create visualizations.

Description

  • Metrics Overview
  • Metrics Terminology
  • Onboard Metrics Data
  • Metrics Indexing
  • Protocols to Ingest Metrics Data
  • Metrics SPL Commands
  • Performing Log to Metrics Conversion
  • Using the Analytics Workspace
  • Metrics Best Practices

Duration

2 Days

Objectives

Module 1 – Metrics Overview
  • Understand the differences between metrics and events
  • Describe metrics and metrics terminology
  • Identify the storage and performance benefits of metrics
  • Review use cases for searching metrics data
  • Describe metrics dimensions and time series

Module 2 – Indexing and Searching Metrics
  • Describe metrics indexing
  • Create metrics indexes
  • Onboard metrics data
  • Use the mcatalog, msearch, and mstats commands

Module 3 – Bringing Metrics Into Splunk: Metrics-Formatted Data
  • Review metrics source types and supported protocols
  • Use collectd to ingest metrics data
  • Use StatsD to ingest metrics data
  • Verify onboarding of metrics

Module 4 – Bringing Metrics Into Splunk: Converting Logs to Metrics
  • Describe the log-to-metrics process
  • Use mcollect and meventcollect to convert logs to metrics
  • Review and create custom log-to-metrics source types
  • Compare advantages and disadvantages of conversion methods

Module 5 – Managing Metrics Indexes and Metrics Rollups
  • Manage metrics indexes
  • Understand metrics rollups
  • Configure rollup policies

Module 6 – Analytics Workspace and SAI
  • Use the Analytics Workspace to analyze and visualize metrics data
  • Describe the Splunk App for Infrastructure (SAI)

Module 7 – Best Practices and Performance Tuning
  • Describe metrics best practices
  • Tune the performance of metrics processing

Prerequisites

Required:
  • Fundamentals 1
  • Fundamentals 2
  • Splunk System Administration
  • Recommended
  • Splunk Data Administration
  • Splunk Fundamentals 3
  • Some Linux experience
  •  

    Onsite Training

    For groups of three or more

    Request Quote

    Public Training

    AMER Eastern Time - Virtual

    AMER Pacific Time - Virtual

    APAC Singapore - Virtual

    EMEA UK Time - Virtual


    Don't see a date that works for you?

    Request Class