Splunk Fundamentals 2

Splunk Fundamentals 2 is the next level after the Splunk basics and the perfect starting point for all subsequent Splunk training courses. It elaborates on searches, reports and enriching the existing data in Splunk. During the training we discuss practical examples and share best practices, guiding you through the different processes step by step. After the training, you can create extensive charts and complete searches with alerts and events.


Completing Fundamentals 1 is a prerequisite for Splunk Fundamentals 2.

Course Topics

  • Transforming commands and visualization
  • Filtering and formatting results
  • Correlating events
  • Knowledge objects
  • Fields (Field aliases, field extractions, calculated fields)
  • Tags and event types
  • Macros
  • Workflow actions
  • Data models
  • Splunk Common Information Model (CIM)

Course Objectives

Module 1 – Introduction:

Overview of Buttercup Games Inc.

Module 2 – Beyond Search Fundamentals:

Search fundamentals review
Case sensitivity
Using the job inspector to view search performance

Module 3 – Using Transforming Commands for Visualizations

Explore data structure requirements
Explore visualization types
Create and format charts and timecharts

Module 4 – Using Mapping and Single Value Commands

The iplocation command
The geostats command
The geom command
The addtotals command

Module 5 – Filtering and Formatting Results

The eval command
Using the search and where commands to filter results
The fillnull command

Module 6 – Correlating Events

Identify transactions
Group events using fields
Group events using fields and time
Search with transactions
Report on transactions
Determine when to use transactions vs. stats

Module 7 – Introduction to Knowledge Objects

Identify naming conventions
Review permissions
Manage knowledge objects

Module 8 – Creating and Managing Fields

Perform regex field extractions using the Field Extractor (FX)
Perform delimiter field extractions using the FX

Module 9 – Creating Field Aliases and Calculated Fields

Describe, create, and use field aliases
Describe, create, and use calculated fields

Module 10 – Creating Tags and Event Types

Create and use tags
Describe event types and their uses
Create an event type

Module 11 – Creating and Using Macros

Describe macros
Create and use a basic macro
Define arguments and variables for a macro
Add and use arguments with a macro

Module 12 – Creating and Using Workflow Actions

Describe the function of GET, POST, and Search workflow actions
Create a GET workflow action
Create a POST workflow action
Create a Search workflow action

Module 13 – Creating Data Models

Describe the relationship between data models and pivot
Identify data model attributes
Create a data model
Use a data model in pivot

Module 14 – Using the Common Information Model (CIM)

Describe the Splunk CIM
List the knowledge objects included with the Splunk CIM
Use the CIM Add-On to normalize data


Once you have completed Splunk Fundamentals 1 and Fundamentals 2, you are eligible to take the Splunk Certified Power User test online. It is the perfect foundation for every user to start working with Splunk.