O'Reilly Live Online Training

Beginning Splunk

Effectively search, analyze and create knowledge objects in Splunk

Karun Subramanian

Splunk is one of the most widely used operational data intelligence platforms. Organizations use Splunk to collect, parse and index petabyte-scale machine data for IT operations, business analytics and SIEM (security information and event management). It provides a versatile query language, the Search Processing Language (SPL), and a rich set of visualizations that help users make sense of their machine data in numerous ways. While Splunk is an extremely powerful platform, most users face a learning curve before they fully understand its features, and not learning the correct techniques leads to inaccurate results and missed time-saving shortcuts. In this training session you will learn the most effective techniques for getting value from your machine data with Splunk, and you will be able to apply them immediately in your own environment.

What you'll learn and how you can apply it

By the end of this live, hands-on, online course, you’ll understand:

  • SPL (Search Processing Language) and its most commonly used commands
  • The various ways to use critical commands such as stats and eval
  • Creating the most common knowledge objects, such as reports and dashboards
  • Scheduling reports and dashboards

And you’ll be able to:

  • Use the correct SPL commands for the problem you are trying to solve
  • Create and customize visualizations such as pie charts and area charts
  • Create dashboards and share them
  • Schedule dashboards for PDF delivery
  • Set up alerts

This training course is for you because...

  • You are a DevOps engineer trying to implement monitoring and automation
  • You are a support engineer responsible for the health and availability of applications
  • You are a security professional trying to use Splunk for threat hunting and incident response
  • You are a business user trying to create reports

Prerequisites

  • Basic knowledge of Unix commands and/or SQL
  • Basic understanding of the data you are trying to analyze

Course Set-up

  • You need at least user-level access to your organization's Splunk environment (power user access recommended).
  • If you do not have access to a Splunk environment, obtain a free Splunk Cloud trial (valid for 15 days from the date of registration) at https://www.splunk.com/en_us/campaigns/splunk-cloud-trial.html, or install the Splunk Enterprise trial on your PC or Mac.

Recommended Preparation

About your instructor

  • Karun is an IT operations expert focusing on modernizing monitoring and observability. With over 20 years of experience, Karun has helped numerous companies transform their IT operations ecosystem. His areas of expertise include log aggregation, time series databases, cloud infrastructure and machine data analytics. He is a Splunk Certified Architect.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

Segment 1: Splunk platform basics Length: 20 minutes

  • Splunk platform architecture
  • Getting data in
  • How Splunk organizes data
  • Q&A

Segment 2: Using SPL Length: 60 minutes

  • Search interface walkthrough
  • Anatomy of a Search
  • Logical expressions
  • Using Pipe
  • Using fields
  • Q&A

Break – 10 minutes

Segment 3: Using eval, stats and timechart Length: 60 minutes

  • Stats and eval basics
  • Using stats functions
  • Using eventstats and streamstats
  • Using timechart
  • Q&A
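The following search is an added example, not part of the course material, showing how eval, streamstats, eventstats and stats fit together in one pipeline for a typical security use case: finding a source address that generates many failed logins against several different accounts (a password-spraying pattern). Nothing on this page describes the data the course uses, so the search builds its own sample events with makeresults and eval; the field names src_ip, user and action, the IP addresses and user names, and the thresholds in the where clause are all constructed for illustration. Paste it into the search bar of any Splunk 7.x or later instance; it needs no indexed data.

```spl
| makeresults count=24
| streamstats count as n
| rename COMMENT AS "Everything above this line and the next four eval lines construct 24 sample login events (hypothetical src_ip, user and action fields); in a real search replace them with something like: index=auth sourcetype=linux_secure"
| eval _time = relative_time(now(), "-2h") + n*300
| eval src_ip = case(n%4==0, "10.0.0.5", n%4==1, "10.0.0.7", n%4==2, "192.168.1.20", true(), "10.0.0.5")
| eval user = mvindex(split("alice,bob,carol", ","), n%3)
| eval action = if(n%5==0, "success", "failure")
| eval failed = if(action=="failure", 1, 0)
| streamstats window=5 sum(failed) as failures_last5 by src_ip
| eventstats sum(failed) as total_failures
| stats sum(failed) as failures, dc(user) as distinct_users, max(failures_last5) as max_failures_in_5, max(total_failures) as total_failures by src_ip
| eval pct_of_all_failures = round(100 * failures / total_failures, 1)
| where failures >= 8 AND distinct_users >= 2
| sort - failures

| makeresults count=24
| streamstats count as n
| eval _time = relative_time(now(), "-2h") + n*300
| eval action = if(n%5==0, "success", "failure")
| timechart span=30m count by action
```

The first pipeline shows the division of labour between the three statistics commands: streamstats keeps every event and adds a running value (here, failures within a sliding window of five events per source), eventstats keeps every event and adds an aggregate computed over the whole result set (total failures, later used for a percentage), and stats collapses the events to one row per src_ip so the where clause can apply a threshold. Only the 10.0.0.5 row survives the threshold with the sample data. The second pipeline reuses the same constructed events to show the contrast with timechart, which buckets by _time rather than by a field and so must come after the evals but cannot be followed by another stats. The `rename COMMENT AS` line is a no-op used as an in-search comment because rename ignores fields that do not exist. A search of this shape, with its thresholds, is also what you save and schedule when you create an alert later in the course.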

Break – 10 minutes

Segment 4: Creating Reports and Dashboards Length: 60 minutes

  • Create and manage reports
  • Create and manage dashboards
  • Schedule a report
  • Schedule a dashboard for PDF delivery
  • Q&A

Break – 10 minutes

Segment 5: Creating Alerts Length: 20 minutes

  • Create a basic alert
  • Best practices while creating alerts
  • Q&A

Segment 6: Customizing visualizations Length: 20 minutes

  • Customization options
  • Using Simple XML
  • Q&A

Course wrap-up and next steps