Duration: 16 hours

Objectives:

What you’ll learn:

• Configure data inputs
• Define search time field extractions
• Understand how Splunk searches through event data
• Search for events and create reports using:
       - Data manipulation and filtering
       - Transactions
       - Subsearches

• Create and sort searches based on time
• Reformat the date/time field of returned events

Course outlines:

1.      Module 1: Getting Data In – Staging

2.      Module 2: Parsing Phase and Data Preview

3.      Module 3: Splunk configuration files and directories

4.      Module 4: Filtering and Formatting data

5.      Module 5: Create and manage fields

6.      Module 6: Using Search Efficiently

7.      Module 7: More Search Tuning

8.      Module 8: Manipulating Data

9.      Module 9: Working with Multivalued Fields

10.  Module 10: Using Advanced Transactions

11.  Module 11: Working with Time

12.  Module 12: Using Subsearch

13.  Module 13: Combining Searches

14.  Module 14: Some Extra Tips