Overview
This 2-day, Splunk Fundamentals - Level 2 class picks up after our Level 1 two-day class to bring you deeper into Splunk features. Features that will help you capture and index data so that you can generate graphs, reports, alerts, dashboards, and visualizations.
Introduction and review
Splunk Enterprise Features
Search Review
The Search pipeline
Search modes
Search best practices
Getting data into Splunk
Data Inputs
Indexing files and directories
Indexing the Windows Event Logs
Getting data through network ports
Scripted inputs
Configuring a Universal Forwarder
Using the HTTP Event Collector (HEC)
Getting data from databases using DB Connect
Regular Expressions (“rex”,”regex”) in Splunk field extractions
Adding structure & meaning to data
Building an Operational Intelligence App
Application Architecture
App folder structure
Creating an app from another app
Adding Assets
Creating & customizing reports & dashboards
Adding geographical maps
Highlighting Data by Range
Scheduling PDF Delivery
Advanced Querying
The search command
The where command
The eval command
The fields command
The fillnull command
SUM(), AVG(), MIN(), MAX(), COUNT(), etc…
The join command
The trendline command
Analytics and Machine Learning
Linear regression on timeseries
The Machine Learning Toolkit
Finding anomalies
Identifying clusters
Detecting outliers
Forecasting Time Series
Optimizing Splunk
Summary indexing
Backfilling a summary index
Report Acceleration
Individuals taking this class should have also completed the Splunk Fundamentals - Level 1 class or have equivalent practical experience using Splunk.
