This 2-day Splunk Fundamentals - Level 2 class picks up where our 2-day Level 1 class leaves off and takes you deeper into Splunk features: the features that help you capture and index data so that you can generate graphs, reports, alerts, dashboards, and visualizations.
Prerequisites
Individuals taking this class should have completed the Splunk Fundamentals - Level 1 class or have equivalent practical experience using Splunk.
Course Outline
Introduction and review
- Splunk Enterprise Features
- Search Review
- The Search pipeline
- Search modes
- Search best practices
Getting data into Splunk
- Data Inputs
- Indexing files and directories
- Indexing the Windows Event Logs
- Getting data through network ports
- Scripted inputs
- Configuring a Universal Forwarder
- Using the HTTP Event Collector (HEC)
- Getting data from databases using DB Connect
- Regular Expressions ("rex", "regex") in Splunk field extractions
- Adding structure & meaning to data
Building an Operational Intelligence App
- Application Architecture
- App folder structure
- Creating an app from another app
- Adding Assets
- Creating & customizing reports & dashboards
- Adding geographical maps
- Highlighting Data by Range
- Scheduling PDF Delivery
Advanced Querying
- The search command
- The where command
- The eval command
- The fields command
- The fillnull command
- Statistical functions: SUM(), AVG(), MIN(), MAX(), COUNT(), etc.
- The join command
- The trendline command
Analytics and Machine Learning
- Linear regression on timeseries
- The Machine Learning Toolkit
- Finding anomalies
- Identifying clusters
- Detecting outliers
- Forecasting Time Series
Optimizing Splunk
- Summary indexing
- Backfilling a summary index
- Report Acceleration