EQALIS ACADEMY

Searching and Reporting with Splunk 4.2

This nine-hour follow-on course to the Using Splunk class focuses on Splunk's search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports and charts. Major topics include statistics and reporting, formatting and calculating results, charting commands and options, correlating events, summary indexing, enriching data with lookups, and more.

Course Topics:

• Search Fundamentals
• Getting Statistics
• Analyzing, Calculating, and Formatting
• Creating Charts
• Correlating Events
• Enriching Data with Lookups
• Summary Indexing
• Creating and Using Macros

Course Prerequisites:

• The Using Splunk course

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Objectives

Lesson One - Search Fundamentals

• Examine the anatomy of a search
• Understand search language syntax concepts
• Review fields and use the fields command
• Create a table
• Extract fields
• Examine multi-value fields

Lesson Two - Getting Statistics

• Understand the stats command
• Preview reporting and charting commands
• Display top and rare values for given fields
• Use the stats command
  
  

Lesson Three - Formatting and Calculating

• Understand the eval command
• Perform calculations on field values
• Convert, round, and format field values
• Use conditional statements
• Further filter calculated results

Lesson Four - Charting

• Identify chart types and the chart command
• Create a basic chart
• Split values into multiple series
• Omit null and other values from charts
• Create a timechart
• Chart multiple values on the same timeline
• Apply statistical functions
• Group data with buckets
• Create a rangemap

Lesson Five - Correlating Events

• Identify transactions
• Group events using fields and time
• Search with transactions
• Report on transactions
• Determine when to use transactions vs stats

Lesson Six - Enrich Data with Lookups

• Discover lookups
• Examine a lookup file example
• Create a lookup table
• Define a lookup
• Configure an automatic lookup
• Use the lookup in searches and reports

Lesson Seven - Summary Indexing

• Define summary indexing
• Create and schedule a summary search
• Populate a summary index
• Run searches against a summary index
• Identify and correct gaps and overlaps in a summary index

Lesson Eight - Macros

• Manage macros
• Create and use a basic macro
• Define and use arguments and variables for a macro

Click here to find upcoming course dates. 

EQALIS provide scheduled monthly web based training for splunk customers and partners in Europe, Middle East, Aftica, and Asia. We can also offer discounted rates for group bookings delivered at your place of business or remotely.

Contact Us for more information