Course

Skills

Splunk Enterprise Administration: Parsing and Manipulating Data

by Muhammad Awan

This course teaches different methods of parsing and manipulating data in Splunk at index-time. It covers all aspects in the parsing phase of data and teaches you to customize the process through examining, analysing, and transforming the data.

Preview this course

Try for free

Get this course plus top-rated picks in tech skills and other popular topics.

$29.00

per month after 10 day trial

Your 10 day Standard free trial includes

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.

For teams

Give up to 50 users access to our full library including this course free for 30 days

Course info

Rating

(11)

Level

Advanced

Updated

Sep 28, 2020

Duration

2h 21m

What you'll learn

Data onboarding in an accurate and efficient manner is the key to timely and reliable monitoring and analysis in Splunk Enterprise.

In this course, Splunk Enterprise Administration: Parsing and Manipulating Data, you’ll learn different methods and techniques to parse and manipulate data at index-time in Splunk.

First, you’ll explore different techniques and options for parsing data while indexing, applying appropriate configuration settings.

Next, you’ll discover how to deal with situations that require extracting custom fields and timestamps as well as overriding the default fields.

Finally, you’ll learn how to route data to specific indexes and filter or mask the event data based on specific criteria.

When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise administration, parsing and manipulating data needed to deploy suitable techniques for handling, parsing and manipulating data while ingesting into Splunk.

Course Overview

1min

Course Overview 2m

Event Processing in Splunk Enterprise

13mins

Configuring Event Line-breaking

20mins

Overview 2m
Configuring Line-breaks in Splunk Enterprise 4m
Demo: Configuring Line-breaking Using a Regex 5m
Demo: Breaking Multi-line Events and Line-merging 4m
Demo: Configuring Line-breaking with Line Breaker Attribute 5m
Summary 1m

Identifying and Parsing Timestamps

27mins

Overview 2m
Configuring Timestamp Recognition in Splunk Enterprise 8m
Demo: Translating Time Zones 5m
Demo: Using Splunk Web for Timestamp Recognition and Extraction 9m
Demo: Overriding Timestamps 3m
Summary 1m

Overriding Default Fields and Custom Fields Extraction

26mins

Overview 1m
Overriding Default Fields at Index-time 8m
Demo: Overriding Default Fields at Index-time 8m
Creating Custom Fields at Index-time 5m
Demo: Creating Custom Fields at Index-time 5m
Summary 0m

Routing and Filtering Events

31mins

Overview 1m
Routing Event Data in Splunk Enterprise 5m
Demo (Part 1): Routing Event Data 8m
Demo (Part 2): Routing Event Data 4m
Filtering Events in Splunk Enterprise 3m
Demo (Part 1): Filtering Events 6m
Demo (Part 2): Filtering Events 4m
Summary 1m

Manipulating Raw Data

20mins

Overview 1m
Manipulating Raw Data in Splunk Enterprise 1m
Manipulating Events Using SEDCMD 2m
Demo (Part 1): Manipulating Events Using SEDCMD 6m
Demo (Part 2): Manipulating Events Using SEDCMD 4m
Manipulating Events Using Regex Transform 1m
Demo: Manipulating Events Using Regex Transform 4m
Summary 1m

About the author

Muhammad Awan

Muhammad Awan is a Senior Splunk Admin in working in Public Sector. Has been associated with Splunk and data science related technologies for a decade. Splunk Certified Admin and Splunk Certified Power User. Microsoft Certified Solutions Exert and Microsoft Certified Solutions Associate (Office 365) MCSA (Messaging). Experience with Networks and Security technologies. He has been mentoring and teaching at various universities as a visiting faculty in the past. Loves to acquire new skills and dis... moreseminate the knowledge.

See more courses by Muhammad Awan

Try for free

Get this course plus top-rated picks in tech skills and other popular topics.

$29.00

per month after 10 day trial

Your 10 day Standard free trial includes

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.

For teams

Give up to 50 users access to our full library including this course free for 30 days

Course info

Rating

(11)

Level

Advanced

Updated

Sep 28, 2020

Duration

2h 21m

Ready to upskill? Get started

Contact Sales

Splunk Enterprise Administration: Parsing and Manipulating Data

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Contact Sales

Splunk Enterprise Administration: Parsing and Manipulating Data

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Ready to skill up
your entire team?

Ready to skill up
your entire team?