This nine-hour Splunk course focuses on search and reporting commands. Through scenario-based examples and hands-on challenges, students will learn to create robust searches, reports, and charts. Major topics include statistics and reporting, formatting and calculating results, charting commands, correlating events, enrichment with lookups, and summaries. The course assumes students have taken the prerequisite Using Splunk course and will be taught through instructor-led lectures and labs either virtually or on-site.

1. Splunk Education Services
Searching and Reporting with Splunk 5.0
This nine-hour course focuses on Splunk's search and reporting
commands. Scenario-based examples and hands-on challenges
enable users to create robust searches, reports and charts. Major
topics include statistics and reporting, formatting and calculating
results, charting commands and options, correlating events,
acceleration summaries, enriching data with lookups, and more.
Course Topics
 Getting Statistics
 Analyzing, Calculating, and Formatting
 Creating Charts
 Correlating Events
 Enriching Data with Lookups
 Creating and Using Summaries
 Creating and Using Macros
Course Prerequisites
Using Splunk course
Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at
your site.
Course Objectives
Lesson 1 – Search Fundamentals
 Review basic search commands and general search practices
 Review fields and use the fields command
 Create a table
Lesson 2 – Getting Statistics
 Describe the stats command
 Display top and rare values for given fields
 Use the stats command to create a statistical reports
Lesson 3 – Analyzing, Calculating, and Formatting
 Understand the eval command
 Perform calculations on field values
 Convert, round, and format field values
 Use conditional statements
Lesson 4 – Creating Charts
 Create charts and time charts
 Split values into multiple series
 Omit null and other values from charts
 Apply statistical functions
Lesson 5 – Correlating Events
 Identify transactions
 Correlate events
 Report on transactions
Lesson 6 – Enrich Data with Lookups and Workflow Actions
 Create and use a lookup table
 Configure automatic and time-based lookups
 Add a workflow action: WHOIS lookup
Lesson 7 – Report Acceleration
 Creating and using summaries
 Searching against summaries
Lesson 8 – Macros
 Manage macros
 Create and use a basic macro
 Define and use arguments and variables for a macro
Splunk Education Tracks
User: For all day-to-day Splunk users including customer support
staff, developers, systems administrators and management.
Administrator: For administrators of Splunk itself. (Administrators
of other systems who will just be using Splunk should take the User
track.)
Architect: For architects who will be designing Splunk
deployments, including architects on staff at customer deployments
as well as partner professional services personnel.
Developer: For developers who will integrate, customize and
extend Splunk using its XML templates and advanced configuration
bundling.
Support Engineer: For Splunk OEM and channel partner support
staff who will be providing first line support for Splunk.
Tracks User Administrator Architect Developer
Support
Engineer
Using Splunk
✓ ✓ ✓ ✓ ✓
Searching and
Reporting with Splunk ✓ ✓ ✓ ✓
Administrating Splunk
✓ ✓ ✓
Advanced Splunk
Administration ✓ ✓ ✓
Architecting and
Deploying Splunk ✓ ✓
Developing Apps with
Splunk ✓ ✓ ✓
Splunk Architect
Certification Lab ✓
Supporting Splunk
✓
About Splunk
Splunk is software that indexes,
manages and enables you to search
data from any application, server or
network device in real time.
Visit our website at www.splunk.com
to download your own free copy.
Splunk Inc.
250 Brannan
San Francisco, CA 94107
866.GET.SPLUNK
(866.438.7758)
sales@splunk.com
support@splunk.com