Course for ES Administrators: Advanced Searching & Reporting
This training course, Course for ES Administrators: Advanced Searching & Reporting, focuses on more advanced search and reporting commands. The examples and hands-on challenges enable users to create robust searches, reports, and charts. Participants are coached through difficult searches to produce final results. Lessons cover optimizing searches, additional charting commands and functions, configuring and calculating results, correlating events, and using merged searches and subsearches.
Basic knowledge of this programming language is recommended. The curriculum is supplemented with many practical exercises. The Splunk System Administration Advanced course teaches about the robust controls in the base instance, with modules and labs to reinforce daily tasks. Course labs are designed step-by-step to facilitate the application of concepts.
Module 1 – Using Search Efficiently
- Lesson 1: Review search architecture
- Lesson 2: Understand how the components of a bucket (.tsidx and journal.gz files) are used
- Lesson 3: How bloom filters are used to improve search speed
- Lesson 4: Describe the parts of a search string
- Lesson 5: Understand the use of centralized vs. distributable commands
- Lesson 6: Create better searches
Module 2 – More Search Tuning
Module 3 – Manipulating and Filtering Data
Module 4 – Working with Multivalue Fields
Module 5 – Using Advanced Transactions
Module 6 – Working with Time
Module 7 – Combining Searches
Module 8 – Using Subsearches
Module 9 – Some Extra Tips