Introduction

Splunk Introduction

What is Splunk

Splunk components
Installing Splunk
Getting data into Splunk

Introduction to Splunk’s User Interface

Understand the uses of Splunk
Define Splunk Apps
Customizing your user settings
Learn basic navigation in Splunk

Basic Searching

Run basic searches
Use autocomplete to help build a search
Set the time range of a search
Identify the contents of search results
Refine searches
Use the timeline
Work with events
Control a search job
Save search results

Using Fields in Searches

Understand fields
Use fields in searches
Use the fields sidebar

Search Language Fundamentals

Review basic search commands and general search practices
Examine the search pipeline
Specify indexes in searches
Use autocomplete and syntax highlighting
Use the following commands to perform searches:
table
rename
fields
dedup
sort

Using Basic Transforming Commands

The top command
The rare command
The stats command

Creating Reports and Dashboards

Save a search as a report
Edit reports
Create reports that include visualizations such as charts and tables
Create a dashboard
Add a report to a dashboard
Edit a dashboard

Creating and Using Lookups

Describe lookups
Create a lookup file and create a lookup definition
Configure an automatic lookup

Creating Scheduled Reports and Alerts

Describe scheduled reports
Configure scheduled reports
Describe alerts
Create alerts
View fired alerts

Using Pivot

Describe Pivot
Understand the relationship between data models and pivot
Select a data model object
Create a pivot report
Create an instant pivot from a search
Add a pivot report to a dashboard

Splunk Fundamentals 2

Beyond Search Fundamentals

Case sensitivity
Using the job inspector to view search performance

Using Transforming Commands for Visualizations

Explore data structure requirements
Explore visualization types
Create and format charts and timecharts

Using Mapping and Single Value Commands

The iplocation command
The geostats command
The geom command
The addtotals command

Filtering and Formatting Results

The eval command
Using the search and where commands to filter results
The fillnull command

Correlating Events

Identify transactions
Group events using fields
Group events using fields and time
Search with transactions
Report on transactions
Determine when to use transactions vs. stats

Introduction to Knowledge Objects

Identify naming conventions
Review permissions
Manage knowledge objects

Creating and Managing Fields

Perform regex field extractions using the Field Extractor (FX)
Perform delimiter field extractions using the FX

Creating Field Aliases and Calculated Fields

Describe, create, and use field aliases
Describe, create and use calculated fields

Creating Tags and Event Types

Create and use tags
Describe event types and their uses
Create an event type

Creating and Using Macros

Describe macros
Create and use a basic macro
Define arguments and variables for a macro
Add and use arguments with a macro

Creating and Using Workflow Actions

Describe the function of GET, POST, and Search workflow actions
Create a GET workflow action
Create a POST workflow action
Create a Search workflow action

Creating Data Models

Describe the relationship between data models and pivot
Identify data model attributes
Create a data model
Use a data model in pivot

Using the Common Information Model (CIM) Add-On

Describe the Splunk CIM
List the knowledge objects included with the Splunk CIM Add-On
Use the CIM Add-On to normalize data