Splunk Fundamentals 2

This course focuses on searching and reporting commands as well as on the creation of knowledge objects.

Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Information Model (CIM).

Unit: 4
Duration: 18 hours over 4 days
Time: 9am – 1:30pm AEST (GMT +10)
Cost: AUD 2880.00 ex GST

Course Topics

Transforming commands and visualization
Filtering and formatting results
Correlating events
Knowledge objects
Fields (field aliases, field extractions, calculated fields)
Tags and event types
Workflow actions
Data models
Splunk Common Information Model (CIM)

After Completing this Course you will be able to:

Create searches using the Splunk Search Processing Language
Use many common search commands to create statistics, evaluate data, sort, rename and add totals
Create tables and charts using your newfound search commands
Customise charts by adding filters to show only certain data, create stacked charts and charts based on time
Perform calculations on your event data, use conditional expressions
Correlate data using transactions
Learn to create valuable knowledge objects which you can reuse time and time again
Extract fields at search time with Splunk’s interactive field extractor tool
Create macros and pass arguments into your search
Utilise workflow actions which enable you to launch and interact with external resources
Create powerful data models which can be used to run the Pivot tool
Add value to your event data using lookups

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Prerequisites

Fundamentals 1

Course Objectives

Module 1 – Introduction

Overview of Buttercup Games Inc.
Lab environment

Module 2 – Beyond Search Fundamentals

Search fundamentals review
Case sensitivity
Using the job inspector to view search performance

Module 3 – Using Transforming Commands for Visualizations

Explore data structure requirements
Explore visualization types
Create and format charts and timecharts

Module 4 – Using Mapping and Single Value Commands

The iplocation command
The geostats command
The geom command
The addtotals command

Module 5 – Filtering and Formatting Results

The eval command
Using the search and where commands to filter results
The fillnull command

Module 6 – Correlating Events

Identify transactions
Group events using fields
Group events using fields and time
Search with transactions
Report on transactions
Determine when to use transactions vs. stats

Module 7 – Introduction to Knowledge Objects

Identify naming conventions
Review permissions
Manage knowledge objects

Module 8 – Creating and Managing Fields

Perform regex field extractions using the Field Extractor (FX)
Perform delimiter field extractions using the FX

Module 9 – Creating Field Aliases and Calculated Fields

Describe, create, and use field aliases
Describe, create and use calculated fields

Module 10 – Creating Tags and Event Types

Create and use tags
Describe event types and their uses
Create an event type

Module 11 – Creating and Using Macros

Describe macros
Create and use a basic macro
Define arguments and variables for a macro
Add and use arguments with a macro

Module 12 – Creating and Using Workflow Actions

Describe the function of GET, POST, and Search workflow actions
Create a GET workflow action
Create a POST workflow action
Create a Search workflow action

Module 13 – Creating Data Models

Describe the relationship between data models and pivot
Identify data model attributes
Create a data model
Use a data model in pivot

Module 14 – Using the Common Information Model (CIM) Add-On

Describe the Splunk CIM
List the knowledge objects included with the Splunk CIM Add-On
Use the CIM Add-On to normalize data

Anyone whose role requires them to view or run reports within Splunk. Previous attendees have had various roles within their organisations such as Consultants, IT Operations/Security, Business Intelligence/Business Analysts and Marketing Professionals, Solution Architects and Application Developers.

Related Certifications

Fundamentals 2 Course Dates

Splunk Fundamentals 2 – 4th-7th February


Splunk Fundamentals 2 – 3rd-6th March