Prerequisites
Splunk 6.6 Fundamentals Part 1
Course Objectives
This course picks up where Splunk 6.6 Fundamentals Part 1 leaves off, focusing on more advanced searching and reporting commands as well as on the creation of knowledge objects.
Scenario-based examples and hands-on challenges coach you step-by-step through the creation of complex searches, reports, and charts. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Interface Model (CIM).
Course Content
- Transforming commands and visualization
- Filtering and formatting Results
- Correlating events
- Knowledge objects
- Fields (Field aliases, field extractions, calculated fields)
- Tags and event types
- Macros
- Workflow actions
- Data models
- Splunk Common Information Model (CIM)