top of page
Splunk Training Provider Authorised Learning Partner Australia

Splunk Fundamentals 2 - Legacy Course Information

The Splunk Fundamentals 2 course focuses on searching and reporting commands as well as on the creation of knowledge objects.

​

Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Interface Model (CIM).​

​

This Fundamentals 2 Splunk Courses have been replaced by shorter Splunk single-subject course modules, this page have been retained to assist customers.

 

To see which courses have replaced Splunk Fundamentals 2 and book the equivalent course click here Single-subject to Multi-subject course mapping.

 

Alternatively contact one of our Training Consultants on 1300 245 802 or email sales@ingeniq.com.au 

Splunk Fundamentals 2 - Legacy Course Information

The instructor was very responsive to questions and queries both private and Communal.. Final module collaborative lab walkthrough on screen was particularly helpful.

Participant, Splunk Fundamentals 2

Splunk Fundamentals 2 - Legacy Course Information

Splunk Fundamentals 2 - Course Topics

  • Transforming commands and visualisation

  • Filtering and formatting results

  • Correlating events

  • Knowledge objects

  • Fields(Field aliases, field extractions, calculated fields)

  • Tags and event types

  • Macros

  • Workflow actions

  • Data models

  • Splunk Common Information Model (CIM)

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site

Course Prerequisites

Splunk Fundamentals 1

or the following single subject courses

​

  • What is Splunk

  • Intro to Splunk

  • Using Fields

  • Scheduling Reports & Alerts

  • Visualisations

  • Intro to Knowledge Objects

Related Certifications

Splunk Core Certified Power User

Splunk Core Certified Advanced Power User
Splunk Enterprise Certified Admin
Splunk Enterprise Certified Architect
Splunk Core Certified Consultant

Splunk Fundamentals 2 - Audience

Anyone whose role requires them to view or run reports within Splunk. Previous attendees have had various roles within their organisations such as Consultants, IT Operations/Security, Business Intelligence/Business Analysts and Marketing Professionals, Solution Architects and Application Developers.

After completing Splunk Fundamentals 2 course you will be able to

  • Create searches using the Splunk Search Processing Language

  • Use many common search commands to create statistics, evaluate data, sort, rename and add totals

  • Create tables and charts using your newfound search commands

  • Customise charts by adding filters to show only certain data, create stacked charts and charts based on time

  • Perform calculations on your event data, use conditional expressions

  • Correlate data using transactions

  • Learn to create valuable knowledge objects which you can reuse time and time again

  • Extract fields at search time with Splunk’s interactive field extractor tool

  • Create macro’s and pass arguments into your search

  • Utilise workflow actions which enable you to launch and interact with external resources

  • Create powerful data models which can be used to run the Pivot tool

  • Add value to your event data using lookups

Splunk Fundamentals 2 - Legacy Course Information

Splunk Fundamentals 2 - Course Objectives

Module 1 – Introduction

  • Overview of Buttercup Games Inc.

  • Lab environment

Module 2 – Beyond Search Fundamentals

  • Search fundamentals review

  • Case sensitivity

  • Using the job inspector to view search performance

  • Audience

Module 3 - Using Transforming Commands for Visualisations

  • Explore data structure requirements

  • Explore visualization types

  • Create and format charts and timecharts

Module 4 - Using Mapping and Single Value Commands

  • The iplocation command

  • The geostats command

  • The geom command

  • The addtotals command

Module 5 - Filtering and Formatting Results

  • The eval command

  • Using the search and where commands to filter results

  • The filnull command

Module 6 – Correlating Events

  • Identify transactions

  • Group events using fields

  • Group events using fields and time

  • Search with transactions

  • Report on transactions

  • Determine when to use transactions vs. stats

Module 7 – Introduction to Knowledge Objects

  • Identify naming conventions

  • Review permissions

  • Manage knowledge objects

Module 8 – Creating and Managing Fields

  • Perform regex field extractions using the Field Extractor (FX)

  • Perform delimiter field extractions using the FX

Module 9 – Creating Field Aliases and Calculated Fields

  • Describe, create, and use field aliases

  • Describe, create and use calculated fields

Module 10 – Creating Tags and Event Types

  • Create and use tags

  • Describe event types and their uses

  • Create an event type

Module 11 – Creating and Using Macros

  • Describe macros

  • Create and use a basic macro

  • Define arguments and variables for a macro

  • Add and use arguments with a macro

Module 12 – Creating and Using Workflow Actions

  • Describe the function of GET, POST, and Search workflow actions

  • Create a GET workflow action

  • Create a POST workflow action

  • Create a Search workflow action

Module 13 – Creating Data Models

  • Describe the relationship between data models and pivot

  • Identify data model attributes

  • Create a data model

  • Use a data model in pivot

Module 14 – Using the Common Information Model (CIM) Add-On

  • Describe the Splunk CIM

  • List the knowledge objects included with the Splunk CIM Add-On

  • Use the CIM Add-On to normalize data

Splunk Course Schedules and Timezones

Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.

​

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

​

​

AM Marked Splunk Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas;

​

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses usually starts at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas;

​

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

bottom of page