Course for Splunk Architects: Advanced Searching & Reporting
This training course, Splunk Architects: Advanced Searching & Reporting, concentrates on more advanced search and reporting commands. The examples and challenges allow users to create robust searches, reports, and charts. Students are guided through difficult searches to produce final results. Most of the lessons cover optimizing searches, additional charting commands and functions, formatting and calculating results, correlating events, and using merged searches and subsearches.
This training focuses on large enterprise deployments. Participants will learn the best practices and steps for preparation, data collection, and sizing. Workshop-style labs give participants an opportunity to devise a deployment based on a common distributed use case.
Module 1 – Using Search Efficiently
- Lesson 1: Review search architecture
- Lesson 2: Understand how the components of a bucket (.tsidx and journal.gz files) are used
- Lesson 2: How bloom filters are used to improve search speed
- Lesson 3: Describe the parts of a search string
- Lesson 4: Understand the use of centralized vs. distributable commands
- Lesson 5: Create better searches
Module 2 – More Search Tuning
Module 3 – Manipulating and Filtering Data
Module 4 – Working with Multivalue Fields
Module 5 – Using Advanced Transactions
Module 6 – Working with Time
Module 7 – Combining Searches
Module 8 – Using Subsearches
Module 9 – Some Extra Tips