Splunk Search Expert Fast Start (Splunk SE-FS)

Splunk
3 Days
$3,000.00
Credit not applicable
Course Summary

Description

This "Fast Start" course covers over 60 commands and functions and prepares students to be search experts. Students will learn how to effectively utilize time in searches, work with different time zones, use transforming commands and eval functions to calculate statistics, compare field values with eval functions and eval expressions, manipulate output, normalize fields and field values, use lookups and subsearches to enrich results, and correlate and filter data from multiple sources.

This class will take place over three 6-hour days (plus a 1-hour break each day).

Objectives

  • Working with Time (WWT)
  • Statistical Processing (SSP)
  • Comparing Values (SCV)
  • Result Modification (SRM)
  • Leveraging Lookups and Subsearches (LLS)
  • Correlation Analysis (SCLAS)

Prerequisites

To be successful, students should have a solid understanding of the following:

  • How Splunk Works
  • Creating Search queries
  • Knowledge objects (specifically reports, lookups, and fields)

OR have taken the following:

  • Foundation Fast Start OR
  • What is Splunk? (Retired), Intro to Splunk (ITS) and Using Fields (SUF)

Outline

Topic 1 – Working with Time

  • Searching with Time
  • Formatting Time
  • Comparing Index Time versus Search Time
  • Using Time Commands
  • Working with Time Zones

Topic 2 – Statistical Processing

  • What is a Data Series?
  • Transforming Data
  • Manipulating Data with eval
  • Formatting Data

Topic 3 – Comparing Values

  • Using eval to Compare
  • Filtering with where

Topic 4 – Result Modification

  • Manipulating Output
  • Modifying Result Sets
  • Managing Missing Data
  • Modifying Field Values
  • Normalizing with eval

Topic 5 – Leveraging Lookups and Subsearches

  • Using Lookup Commands
  • Adding a Subsearch
  • Using the return Command

Topic 6 – Correlation Analysis

  • Calculate Co-Occurrence Between Fields
  • Analyze Multiple Datasets
