The Splunk Fundamentals Part 3 course picks up where Splunk Fundamentals Part 2 leaves off, focusing on some more advanced searching and reporting commands as well as on advanced use cases of knowledge objects. Major topics include advanced statistics and eval commands, advanced lookups, advanced alert actions, using regex and erex to extract fields, using spath to work with self-referencing data, creating nested macros and macros with event types, and accelerating reports and data models.
Module 1 – Exploring Statistical Commands
Performing statistical analysis with functions of the stats command
Using fieldsummary
Using appendpipe
Using eventstats
Using streamstats
Module 2 – Exploring eval Command Functions
Using conversion functions
Using date and time functions
Using string functions
Using comparison and conditional functions
Using informational functions
Using statistical functions
Using mathematical functions
Module 3 – Exploring Lookups
Including and excluding events based on lookup values
Using KV Store, external, and geospatial lookups
Understanding best practices for lookups
Module 4 – Exploring Alerts
Using lookups in alerts
Outputting alert results to a lookup
Logging and indexing searchable alert events
Module 5 – Extracting Fields at Search Time
Using the erex command
Using the rex command
Identifying regex best practices
Module 6 – Working with Self-Describing Data
Using the spath command
Using the eval command with the spath function
Extracting fields from table-formatted events with multikv
Module 7 – Exploring Search Macros
Using nested search macros
Previewing search macros before executing
Using tags and event types in search macros
Module 8 – Using Acceleration Options
Describing acceleration and acceleration methods
Determining how summaries make searches efficient
Module 9 – Report Acceleration
Creating an accelerated report
Searching against an acceleration summary
Module 10 – Summary Indexing
Identifying when to use a summary index
Defining and searching against a summary index
Module 11 – datamodel Command & Data Model Acceleration
Exploring data models using the datamodel command
Discerning between ad hoc and persistent data model acceleration
Module 12 – tsidx files and tstats Command
Working with tsidx files using the tstats command
Using the tstats command with data models