Fundamentals 2 - Splunk Courses

Splunk Fundamentals 2

This course focuses on searching and reporting commands as well as on the creation of knowledge objects.

Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Information Model (CIM).

Units : 4
Duration : 18 hours over 4 days
Time : 9:00 am – 1:30 pm AEST (GMT +10)
Cost : AUD 3,448.00 ex GST*

*Discounts apply for Splunk Partners.

Course Topics

Transforming commands and visualization
Filtering and formatting results
Correlating events
Knowledge objects
Fields (field aliases, field extractions, calculated fields)
Tags and event types
Workflow actions
Data models
Splunk Common Information Model (CIM)

After completing this course you will be able to:
  • Create searches using the Splunk Search Processing Language
  • Use many common search commands to create statistics, evaluate data, sort, rename and add totals
  • Create tables and charts using your newfound search commands
  • Customise charts by adding filters to show only certain data, create stacked charts and charts based on time
  • Perform calculations on your event data, use conditional expressions
  • Correlate data using transactions
  • Learn to create valuable knowledge objects which you can reuse time and time again
  • Extract fields at search time with Splunk’s interactive field extractor tool
  • Create macros and pass arguments into your search
  • Utilise workflow actions which enable you to launch and interact with external resources
  • Create powerful data models which can be used to run the Pivot tool
  • Add value to your event data using lookups
Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Prerequisites
  • Splunk Fundamentals 1

Course Objectives

    Module 1 – Introduction

    Overview of Buttercup Games Inc.
    Lab environment

    Module 2 – Beyond Search Fundamentals

    Search fundamentals review
    Case sensitivity
    Using the job inspector to view search performance

    Module 3 – Using Transforming Commands for Visualizations

    Explore data structure requirements
    Explore visualization types
    Create and format charts and timecharts

    Module 4 – Using Mapping and Single Value Commands

    The iplocation command
    The geostats command
    The geom command
    The addtotals command

    Module 5 – Filtering and Formatting Results

    The eval command
    Using the search and where commands to filter results
    The fillnull command

    Module 6 – Correlating Events

    Identify transactions
    Group events using fields
    Group events using fields and time
    Search with transactions
    Report on transactions
    Determine when to use transactions vs. stats

    Module 7 – Introduction to Knowledge Objects

    Identify naming conventions
    Review permissions
    Manage knowledge objects

    Module 8 – Creating and Managing Fields

    Perform regex field extractions using the Field Extractor (FX)
    Perform delimiter field extractions using the FX

    Module 9 – Creating Field Aliases and Calculated Fields

    Describe, create, and use field aliases
    Describe, create and use calculated fields

    Module 10 – Creating Tags and Event Types

    Create and use tags
    Describe event types and their uses
    Create an event type

    Module 11 – Creating and Using Macros

    Describe macros
    Create and use a basic macro
    Define arguments and variables for a macro
    Add and use arguments with a macro

    Module 12 – Creating and Using Workflow Actions

    Describe the function of GET, POST, and Search workflow actions
    Create a GET workflow action
    Create a POST workflow action
    Create a Search workflow action

    Module 13 – Creating Data Models

    Describe the relationship between data models and pivot
    Identify data model attributes
    Create a data model
    Use a data model in pivot

    Module 14 – Using the Common Information Model (CIM) Add-On

    Describe the Splunk CIM
    List the knowledge objects included with the Splunk CIM Add-On
    Use the CIM Add-On to normalize data


    Anyone whose role requires them to view or run reports within Splunk. Previous attendees have had various roles within their organisations such as Consultants, IT Operations/Security, Business Intelligence/Business Analysts and Marketing Professionals, Solution Architects and Application Developers.

    Related Certifications

    Fundamentals 2 Course Dates

    Splunk Fundamentals 2 – 7-10 July

    This 18 hour over 4 days course focuses on searching and reporting commands as well as on the creation of…


    Splunk Fundamentals 2 – 4-7 August

    This 18 hour over 4 days course focuses on searching and reporting commands as well as on the creation of…


    Splunk Fundamentals 2 – 8-11 September

    This 18 hour over 4 days course focuses on searching and reporting commands as well as on the creation of…
