Class Details

Splunk Essentials Price: $1,990

Training promotions may be available. Contact a training consultant at 240-667-7507 for more information!

Price Match Guarantee Phoenix TS

Splunk Essentials Course Includes:

  • Class exercises in addition to training instruction
  • Courseware books, notepads, pens, highlighters and other materials
  • Course retake option
  • Exam Voucher
  • A second chance voucher included with full price purchases 
  • Full breakfast with a variety of bagels, fruits, yogurt, doughnuts and juice
  • Tea, coffee, and soda available throughout the day
  • Freshly baked cookies every afternoon (only at participating locations)

Course Outline

MODULE 1: SPLUNK – GETTING STARTED

  • Your Splunk account
  • Installing Splunk on Windows
  • Installing Splunk on Linux
  • Creating a Splunk app
  • Populating data with Eventgen
  • Controlling Splunk
  • Configuring Eventgen
  • Viewing the Destinations app
  • Creating your first dashboard

MODULE 2: BRINGING IN DATA

  • Splunk and big data
  • Splunk data sources
  • Creating indexes
  • Buckets
  • Log files as data input
  • Splunk events and fields
  • Extracting new fields

MODULE 3: SEARCH PROCESSING LANGUAGE

  • Anatomy of a search
  • Time modifiers
  • Filtering search results
  • Search command – stats
  • Search command – top/rare
  • Search commands – chart and timechart
  • Search command – eval
  • Search command – rex

MODULE 4: REPORTING, ALERTS, AND SEARCH OPTIMIZATION

  • Data classification with Event Types
  • Data normalization with Tags
  • Data enrichment with Lookups
  • Creating and scheduling reports
  • Creating alerts
  • Search and Report acceleration
  • Scheduling options
  • Summary indexing

MODULE 5: DYNAMIC DASHBOARDING

  • Creating effective dashboards
  • Types of dashboards
  • Form inputs
  • Creating a time range input
  • Creating a radio input
  • Creating a drop-down input
  • Static real-time dashboard
  • Creating a choropleth map

MODULE 6: DATA MODELS AND PIVOT

  • Creating a data model
  • Data model acceleration
  • Rearranging your dashboard

MODULE 7: HTTP EVENT COLLECTOR

  • What is the HEC?
  • How does the HEC work?
  • How data flows to the HEC

MODULE 8: BEST PRACTICES AND ADVANCED QUERIES

  • Indexes for testing
  • Searching within an index
  • Search within a limited time frame
  • Quick searches via fast mode
  • Using event sampling
  • Use the fields command to improve search performance
  • Advanced searches

MODULE 9: TAKING SPLUNK TO THE ORGANIZATION

  • Common organizational use cases
  • Splunk architecture considerations
  • The Splunk community and online resources

Objectives

At the conclusion of this course, participants will be able to do the following:

  • Install and configure Splunk for personal use
  • Store event data in Splunk indexes, classify events into sources, and add data fields
  • Learn essential Splunk Search Processing Language commands and best practices
  • Create powerful real-time or user-input dashboards 
  • Be proactive by implementing alerts and scheduled reports
  • Apply tips from the Fez: best practices for using Splunk features and add-ons
  • Understand security and deployment considerations for taking Splunk to an organizational level