Splunk Online Workshop
Duration: 3 Days (9:30 AM to 5:30 PM)
Date: 01, 02, 03 March 2023
Overview
Splunk is software used to monitor, search, analyze, and visualize machine-generated data in real time. It captures, correlates, and indexes real-time data in a searchable store and generates alerts, dashboards, graphs, and visualizations, making data easy to access across the entire organization.
This Splunk training includes Splunk developer concepts such as the basics of Splunk development, fields in searches, saving and scheduling searches, tags and event types, workflows, and Splunk search commands, as well as Splunk administration concepts such as Splunk installation, Splunk apps, Splunk configuration files, Splunk indexes and their uses, Splunk production and administration environments, and Splunk input methods. With the knowledge of all these concepts, you will excel in your work. So enroll now in Splunk Training and improve your professional standing.
Prerequisites
Course Contents
DAY-1: Splunk Essentials
- Introduction
- What is Machine Data?
- Use case for Splunk
- Event Fields
- Source
- Sourcetype
- Host
- Timestamp
- Search
Getting Started with Splunk
- Installing Splunk
- Starting Splunk
- Stopping and Restarting Splunk
- Finding Splunk status
- Exploring Splunk Web
- Administrator: Preferences and Account Settings
- Activity: Jobs and Alerts
- Users and Authentication: Users, Roles, Authentication
- Server Settings and Controls
- Data Inputs, Indexes and Sourcetypes
- Knowledge Objects
Splunk Architecture
- Splunk Daemon
- Web Server
- REST API
- Indexers and Forwarders
- Modular Inputs
- Indexes
- Search Manager and SPL
- Apps
SPL
- Syntax: operators, delimiters, wildcards
- Commands and Functions
- Pipelines
- Subsearches
- Types and Categories of Search
- Search Processing Language
- Search Command Reference
- Using: search, stats, eval, top, rare, fields, sort, chart, timechart, where
- History and Realtime Searches
Reports
- Understanding Reports
- Creating Reports
- Including visualizations
- Viewing Reports
- Scheduling Reports
- Accelerating Reports
- Configuring Actions
Alerts
- Understanding Alerts
- Creating Alerts
- Viewing Fired Alerts
- Visualization
- Understanding Visualization
- Chart Commands
- Generating and viewing Tables
- Charts: Pie, Line, Area, Bar and Column
- Gauges, Fillers and Single Value
- Customizing Formats
- Trellis
DAY-2: Knowledge Objects
- Field Aliases
- Creating and using aliases
- Calculated Fields
- Understanding Calculated Fields
- Defining Calculated Fields
- Viewing Calculated Fields
- Using Calculated Fields
- Extracting Fields
- Understanding Field Extraction
- Extracting using delimiters
- Extracting using regular expressions
- Viewing extracted fields
- Using extracted fields
Event Types
- Understanding Event Types
- Defining Event Types
- Using Event Types
- Viewing Event Types
Tags
- Understanding Tags
- Assigning Tags to fields
- Assigning Tags to event-types
- Viewing Tags
- Using Tags
Macros
- Understanding Macros
- Defining Macros
- Passing Arguments
- Viewing Macros
- Using Macros
Workflow Actions
- Understanding Workflow Actions
- Creating Workflow Actions
- Actions on Fields
- Actions on Events
- Actions to fire a search
- Actions to fire a HTTP GET/POST request
- Passing Arguments
- Viewing Workflow Actions
- Using Workflow Actions
Transactions
- Understanding Event Correlations
- Group fields
- Group fields and time
- Define transaction macros
Lookups
- Understanding Lookups
- CSV Lookups
- Create Lookup Tables
- Define Lookups
- Use Lookups
- Automate Lookups
DAY-3: Extending Splunk
- Views and Dashboards
- Understanding Views
- Creating Dashboards
- Adding Events
- Adding Visualizations
- Adding Forms
- Simple XML
- Organizing Panels
- Viewing Dashboards
App Development
- Understanding Apps
- Apps vs. Add-ons
- Viewing Apps
- Installing apps from Splunkbase
- App Directory Structure
- Creating App
- Adding Knowledge Objects
- Adding Views and Dashboards
- Adding Data Inputs
- Inspecting Apps
- Packaging Apps
- Installing Packaged Apps
Data Input
- Monitoring Files and Directories
- Script Data Generators
- Modular Data Input
- Add-ons from Splunkbase
- Monitoring REST Endpoints
Index Management
- Understanding Indexes
- Raw Files and Index Files
- Buckets
- Rolling Buckets
- Index Types
- Pipelines: Parsing and Indexing
- Default and Internal Indexes
- Creating Indexes
- Using Indexes
- Searching Indexes
- Deleting events from future searches
- Removing data from indexes
- Disabling indexes
- Removing indexes
Job Inspector
- Understanding search execution
- Using Job Inspector
- Interpreting the figures
REST API
- Understanding REST Concepts
- Splunk REST Endpoints
- Using Curl
- Using Search REST API
- Using Knowledge Object REST API
Analytics Workspace
- Use case
- Exploring the Analytics Workspace
- Data Types: Metrics, Datasets and Alerts
- Charting
- Dashboards
- Alerts
- Analysing Data
- Creating Dashboards
- Best Practices and Case Study