This nine-hour advanced Splunk course focuses on more complex search and reporting techniques such as using sub-searches, statistical functions, data manipulation, advanced charting, custom time ranges, and lookups. Students are guided through hands-on challenges and complex search scenarios to produce final results. Major topics include the Splunk search process, correlating events, enriching data, and troubleshooting searches.

1. Splunk Education Services
Advanced Searching and Reporting with Splunk 5.0
This nine-hour course supplements the Searching and Reporting
with Splunk class. It focuses on more advanced search and reporting
commands. Scenario-based examples and hands-on challenges
enable users to create robust searches, reports, and charts. Students
are coached step by step through complex searches to produce final
results. Major topics include the Splunk search process, using sub-
searches, using additional statistical commands and functions,
formatting and calculating results, charting commands and options,
correlating events, enriching data with lookups, and more.
Course Topics
 Beyond Search Fundamentals
 Using Sub-searches
 Using Advanced Statistics, Data Manipulation, & Filtering
 Using Advanced Charting
 Sorting, Searching and Reformatting Time
 Using Advanced Transactions
 Using Advanced Lookups
Course Prerequisites
Using Splunk and Searching and Reporting with Splunk courses
Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at
your site.
Course Objectives
Lesson 1 – Beyond Search Fundamentals
 Using the proper case in searches
 Describing Splunk’s search process
 Using the search inspector to view search performance
 Using the search inspector to troubleshoot searches
Lesson 2 – Using Sub-Searches
 Using sub-searches to correlate data
 Finding events that match values from a sub-search
 Finding events that do not match values from a sub-search
Lesson 3 – Using Advanced Statistics
 Using the appendpipe command
 Using statistical functions such as min, max, mean, median, and
standard deviation
 Using the streamstats command
 Using the eventstats command
Lesson 4 – Using Data Manipulation, and Filtering
 Using functions of the where command
 Using functions of the eval command
Lesson 5– Using Advanced Charting
 Using the addtotals command
 Using the rangemap command
 Using the append command
Lesson 6 – Sorting, Searching, and Reformatting Time
 Using time modifiers
 Searching for events using custom time ranges
 Searching for events within a window of time
 Displaying and use using relative dates
 Using custom time ranges in multiple sub-searches
Lesson 7 – Using Advanced Transactions
 Finding events logged before a particular event occurs
 Finding events logged after a particular event occurs
 Comparing complete transactions
 Analyzing transactions
Lesson 8 – Using Advanced Lookups
 Using lookup tables to include or exclude events
 Using time-based lookups
 Configuring time-based lookups
 Using lookups in alerts
Splunk Education Tracks
User: For all day-to-day Splunk users including customer support
staff, developers, systems administrators and management.
Administrator: For administrators of Splunk itself. (Administrators of
other systems who will just be using Splunk should take the User
track.)
Architect: For architects who will be designing Splunk
deployments, including architects on staff at customer
deployments, as well as partner professional services personnel.
Developer: For developers who will integrate, customize and
extend Splunk using its XML templates and advanced configuration
bundling.
Support Engineer: For Splunk OEM and channel partner support
staff who will be providing first line support for Splunk.
Tracks User Administrator Architect Developer
Support
Engineer
Using Splunk ✓ ✓ ✓ ✓ ✓
Searching and
Reporting with Splunk
✓ ✓ ✓ ✓
Advanced Searching
and Reporting with
Splunk
✓ ✓ ✓ ✓
Administrating Splunk ✓ ✓ ✓
Advanced Splunk
Administration
✓ ✓ ✓
Architecting and
Deploying Splunk
✓ ✓
Developing Apps with
Splunk
✓ ✓ ✓
Splunk Architect
Certification Lab
✓
Supporting Splunk ✓

2. Splunk Education Services
About Splunk
Splunk is software that indexes,
manages and enables you to search
data from any application, server or
network device in real time.
Visit our website at www.splunk.com
to download your own free copy.
Splunk Inc.
250 Brannan
San Francisco, CA 94107
866.GET.SPLUNK
(866.438.7758)
sales@splunk.com
support@splunk.com