Searching and Reporting with Splunk 5.0

This nine-hour follow-on to the Using Splunk class focuses on Splunk's search and reporting commands. Scenario-based examples and hands-on challenges enable users to create robust searches, reports and charts. Major topics include statistics and reporting, formatting and calculating results, charting commands and options, correlating events, summary indexing, enriching data with lookups, and more.

Course Topics

• Getting Statistics

• Analyzing, Calculating, and Formatting

• Creating Charts

• Correlating Events

• Enriching Data with Lookups

• Summary Indexing

• Creating and Using Macros

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site. 

Prerequisites

Using Splunk

Course Objectives

Lesson 1 - Search Fundamentals

• Examine the anatomy of a search

• Understand search language syntax concepts

• Review fields and use the fields command

• Create a table• Examine multi-value fields

Lesson 2 - Getting Statistics

• Understand the stats command

• Display top and rare values for given fields

• Use the stats command to create statistical reports

Lesson 3 - Formatting and Calculating

• Understand the eval command

• Perform calculations on field values

• Convert, round, and format field values

• Use conditional statements

Lesson 4 - Charting 

• Create charts and time charts

• Split values into multiple series

• Omit null and other values from charts

• Apply statistical functions

Lesson 5 - Correlating Events

• Identify transactions

• Correlate events

• Report on transactions

Lesson 6 - Enrich Data with Lookups

• Create a lookup table

• Define a lookup

• Configure automatic and time-based lookups

Lesson 7 - Summary Indexing

• Define summary indexing

• Populate and run searches against a summary index

• Identify and correct gaps and overlaps in a summary index

Lesson 8 - Macros

• Manage macros

• Create and use a basic macro

• Define and use arguments and variables for a macro