Pre-Requisites

To be successful, students should have a solid understanding of the following:
How Splunk works
How to create basic searching and visualizations
RECOMMENDED: Splunk Foundation Fast Start (SF-FS)

Lessons

This Power User "Fast Start" course covers over 60 commands, functions, and knowledge objects to provide users with actionable information about searching best practices and knowledge management. Students will learn how to effectively utilize time in searches, work with different time zones, use transforming commands and eval functions to calculate statistics, compare field values with eval functions and eval expressions, manipulate output, normalize fields and field values, correlate and filter data from multiple sources, and create, manage, and share knowledge objects.

This series consists of eight modules with 24 hours of content over 4 days.

Course Content

• Working with Time (WWT)
• Statistical Processing (SSP)
• Comparing Values (SCV)
• Result Modification (SRM)
• Correlation Analysis (SCLAS)
• Creating Knowledge Objects (CKO)
• Creating Field Extractions (CFE)
• Data Models (SDM)

Course Objectives

• Utilize over 60 commands and functions to transform, manipulate, normalize, correlate, and filter data.
• Filter data using time modifiers and time commands and use formatting functions to accommodate various time formats.
• Calculate statistics using transforming commands and mathematical and statistical eval functions.
• Compare, manipulate, and normalize data using several commands including the all-powerful eval command and an array of statistical, comparison, conditional, and formatting functions.
• Calculate co-occurrence between fields and analyze data from multiple datasets.
• Create, curate, manage and share knowledge objects.

Outline: Splunk Power User Fast Start (POWER-U)

Topic 1 – Working with Time

• Formatting Time
• Comparing Index Time versus Search Time
• Using Time Commands
• Working with Time Zones

Topic 2 – Statistical Processing

• What is a Data Series?
• Transforming Data
• Manipulating Data with eval
• Formatting Data

Topic 3 – Comparing Values

• Using eval to Compare
• Filtering with where

Topic 4 – Result Modification

• Manipulating Output
• Modifying Results Sets
• Managing Missing Data
• Modifying Field Values
• Normalizing with eval

Topic 5 – Correlation Analysis

• Calculate Co-Occurrence Between Fields
• Analyze Multiple Datasets

Topic 6 – Intro to Knowledge Objects

• What are Knowledge Objects?
• Knowledge Object Settings
• Managing Knowledge Objects

Topic 7 – Creating Knowledge Objects

• Knowledge Objects and Search-time Operations
• Creating Event Types
• Using Event Type Builder
• Creating Workflow Actions
• Creating Tags and Aliases
• Creating Search Macros

Topic 8 – Creating Field Extractions

• Using the Field Extractor
• Creating Regex Field Extractions
• Creating Delimited Field Extractions

Topic 9 – Data Models

• Introducing Data Model Datasets
• Designing Data Models
• Creating a Pivot
• Accelerating Data Models

Cancellation Policy

All requests to change a registration must be in writing via e-mail to info@fastlaneca.com or faxed to us at 919-882-8036. Students may cancel more than 15 days from the start of the class with no penalty. If it is within 14 days of the start of the class, students can only reschedule. Fast Lane, or one of its Partners, reserves the right to cancel a course for any reason more than 14 days before the start of the class. Liability is limited to the registration fee only. Rescheduling: Students may reschedule a registration up to 7 business days before the scheduled start date without penalty. Rescheduling will be defined as transferring registration to the same course on a different date, or transferring to another course of equal or lesser value up to 6 months from the original course start date. If a student reschedules fewer than 7 business days before the class, or reschedules for a second time, the entire original course fee will be forfeited. An additional course fee will be required for the new registration. Substitutions: Substitutions are permitted prior to the start of the class. All substitutions must be submitted in writing to info@fastlaneca.com or faxed to us at prior to the start of class. No Shows: Failure to attend without written notice prior to the start date of the course will be considered a "no show" and will result in forfeiture of the full course price including NetApp courses paid for with NetApp Training Units. Fast Lane, at its own discretion may allow a no show student to re-sit another session of the same or lower priced course.