Advanced Searching and Reporting with Splunk Enterprise
This course will teach you different searching and reporting techniques used to address complex data analysis and reporting problems. It will also focus on developing robust, optimal and efficient searches.
What you'll learn
Splunk is a data aggregation and analysis platform that offers many techniques for analyzing and reporting on machine data. The end goal of a Splunk deployment is to correlate and analyze that data and derive useful insights for forecasting, capacity planning, and decision making, as well as for security incident management. In this course, Advanced Searching and Reporting with Splunk Enterprise, you'll learn methods and techniques to correlate, search, and analyze data in order to answer complex questions, supporting management at every tier in risk mitigation, incident response, forecasting, and decision making. First, you'll explore techniques for search optimization and for writing efficient queries in the Search Processing Language (SPL). Next, you'll discover how to manipulate and filter data in Splunk Enterprise. Finally, you'll learn how to combine searches, use sub-searches, and work with advanced transactions. When you're finished with this course, you'll have the skills and knowledge needed to create efficient searches and reports and to solve complex data analysis problems using SPL commands.
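As an added illustration (these searches are not part of the course materials), the three SPL searches below show the kind of optimization and search combination the description refers to. The first search is the slow pattern: it scans every index for a keyword, then groups events with transaction, which must hold events in memory and cannot be fully parallelized across indexers. The second answers the same question (which source addresses produced more than five SSH password failures in the last 24 hours) efficiently: it names the index and sourcetype so the Bloom filters and lexicons of non-matching buckets can rule them out without reading raw data, restricts the time range up front, extracts fields with rex, and replaces transaction with stats, which streams and distributes. The third uses a sub-search to combine the two sides of a brute-force question: which of those noisy addresses later logged in successfully. The index name linux_auth, the sourcetype linux_secure, and the OpenSSH "Failed password"/"Accepted password" log format are assumptions made for the example; adjust them to your environment.

```spl
index=* "Failed password"
| rex field=_raw "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\S+) port"
| transaction src_ip maxspan=10m maxevents=1000
| where eventcount > 5
| table _time, src_ip, eventcount, user

index=linux_auth sourcetype=linux_secure "Failed password" earliest=-24h@h latest=now
| rex field=_raw "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\S+) port"
| stats count AS attempts, dc(user) AS distinct_users, values(user) AS users, earliest(_time) AS first_seen, latest(_time) AS last_seen BY src_ip
| where attempts > 5
| eval first_seen=strftime(first_seen, "%F %T"), last_seen=strftime(last_seen, "%F %T")
| sort - attempts

index=linux_auth sourcetype=linux_secure "Accepted password" earliest=-24h@h latest=now
    [ search index=linux_auth sourcetype=linux_secure "Failed password" earliest=-24h@h latest=now
      | rex field=_raw "from (?<src_ip>\S+) port"
      | stats count BY src_ip
      | where count > 5
      | rename src_ip AS search
      | fields search ]
| rex field=_raw "Accepted password for (?<user>\S+) from (?<src_ip>\S+) port"
| table _time, user, src_ip
```

In the second search, every command after the base search is either streaming (rex, eval) or a single transforming command (stats), so the work can be pushed to the indexers and the search head only merges partial results; the Job Inspector will show this as a much smaller share of time spent in the search head compared with the transaction version. In the third search, renaming the sub-search field to search makes Splunk insert its values as bare keyword terms, so the outer search matches on the raw event text and does not depend on src_ip being extracted before filtering. Two caveats a practitioner should keep in mind: a sub-search is capped by default at 10,000 results and a 60-second runtime, and it silently returns a truncated result set when it hits either limit, so for large populations of addresses prefer a lookup file or a summary index over a sub-search; and dc(user) over a long window is an approximation once cardinality gets very high, so use it to rank, not to report exact counts.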
Table of contents
- Overview 2m
- Data Handling and Search Process in Splunk Enterprise 4m
- What Is Inside a Bucket? 2m
- Event Segmentation for Keyword Searching 1m
- Working and Use of Bloom Filters in Splunk Enterprise 3m
- Types of SPL Commands 3m
- Ensuring Search Efficiency and Search Optimization 6m
- Demo: Using the Job Inspector for Troubleshooting and Monitoring Search Performance 5m
- Summary 1m
- Overview 1m
- Setting up the Test Environment 6m
- Grouping and Ungrouping Data in Splunk Enterprise 4m
- Demo: Grouping and Ungrouping Using contingency and untable Commands 8m
- Grouping Data Using xyseries Command 1m
- Demo: Grouping Data Using xyseries Command 6m
- Working with Regex for Data Matching and Field Extractions 2m
- Demo: Working with Regex for Data Matching and Field Extractions 10m
- Summary 1m
- Overview 1m
- Multi-value Fields in Splunk Enterprise 1m
- Multi-value stats and chart Functions 1m
- Demo: Multi-value stats and chart Functions 5m
- Multi-value SPL Commands 1m
- Demo: Multi-value and Single-value Fields Conversion 3m
- Demo (Part I): Multi-value SPL Commands 4m
- Demo (Part II): Multi-value eval Functions 7m
- Demo (Part I): More Multi-value eval Functions 2m
- Demo (Part II): More Multi-value eval Functions 6m
- Summary 1m