Duration: 16 hours

Objectives:

What you’ll learn:

• Configure data inputs
• Define search time field extractions
• Understand how Splunk searches through event data
• Search for events and create reports using:
       - Data manipulation and filtering
       - Transactions
       - Subsearches

• Create and sort searches based on time
• Reformat the date/time field of returned events

Course outlines:

1. Module 1: Getting Data In – Staging

2. Module 2: Parsing Phase and Data Preview

3. Module 3: Splunk configuration files and directories

4. Module 4: Filtering and Formatting data

5. Module 5: Create and manage fields

6. Module 6: Using Search Efficiently

7. Module 7: More Search Tuning

8. Module 8: Manipulating Data

9. Module 9: Working with Multivalued Fields

10. Module 10: Using Advanced Transactions

11. Module 11: Working with Time

12. Module 12: Using Subsearch

13. Module 13: Combining Searches

14. Module 14: Some Extra Tips