Certificate Authentication

Outline

1. Quick reminder on Splunk fundamentals 1

This part of the training is intended to last 1 to 1.5 hours max and makes sure all the attendees are up to date on the fundamentals 1 before the course shifts and focuses on the fundamentals 2 and 3. The instructor will illustrate the key concepts with examples and comment.

2. Splunk Fundamentals 2 and 3

This part of the training is organised in a way in which the instructor will first introduce a concept and have the attendees go through labs as direct applications of that concept. The labs will cover each one to several associated concepts from the Splunk fundamentals 2. We will cover:

• Splunk fundamentals 2 -
  • Transforming commands and visualization
  • Filtering and formatting 
  • Results
  • Correlating events
  • Knowledge objects
  • Fields (Field aliases, field extractions, calculated fields)
  • Tags and event types
  • Macros
  • Workflow actions
  • Data models
  • Splunk Common Information Model (CIM)
• Splunk fundamentals 3 -
  • Advanced Statistical Commands
  • Advanced eval Commands
  • Advanced Lookups
  • Alert Actions
  • Advanced Field Creation and Management
  • Working with Self-Describing Data and Files
  • Advanced Macros
  • Using Acceleration Options

3. Advanced Searching and Reporting

For reasons related to time the instructor will try to cover as many as possible of the following topics some of which would be presented as extensions of previous labs:

• Using Search Efficiently
• More Search Tuning
• Manipulating and Filtering Data
• Working with Multivalue Fields
• Using Advanced Transactions
• Working with Time
• Combining Searches
• Using Subsearches