
Course duration: 70 hours
Course title: Comprehensive Splunk course
Splunk Fundamentals 1
Course Topics
Introduction to Splunk’s interface
Basic searching
Using fields in searches
Search fundamentals
Transforming commands
Creating reports and dashboards
Datasets
The Common Information Model (CIM)
Creating and using lookups
Scheduled Reports
Alerts
Using Pivot
Module 1 – Introduction
How to Use the eLearning Interface
Overview of Buttercup Games Inc.
Module 2 – What is Splunk?
Splunk components
Installing Splunk
Getting data into Splunk
Module 3 – Introduction to Splunk’s User Interface
Understand the uses of Splunk
Define Splunk Apps
Customizing your user settings
Learn basic navigation in Splunk
Module 4 – Basic Searching
Run basic searches
Use autocomplete to help build a search
Set the time range of a search
Identify the contents of search results
Refine searches
Use the timeline
Work with events
Control a search job
Save search results
Module 5 – Using Fields in Searches
Understand fields
Use fields in searches
Use the fields sidebar
Module 6 – Search Language Fundamentals
Review basic search commands and general search practices
Examine the search pipeline
Specify indexes in searches
Use autocomplete and syntax highlighting
Use the following commands to perform searches:
o tables
o rename
o fields
o dedup
o sort
Module 7 – Using Basic Transforming Commands
The top command
The rare command
The stats command
Module 8 – Creating Reports and Dashboards
Save a search as a report
Edit reports
Create reports that include visualizations such as charts and tables
Create a dashboard
Add a report to a dashboard
Edit a dashboard
Module 9 – Datasets and the Common Information Model
Naming conventions
What are datasets?
What is the Common Information Model (CIM)?
Module 10 – Creating and Using Lookups
Describe lookups
Create a lookup file and create a lookup definition
Configure an automatic lookup
Module 11 – Creating Scheduled Reports and Alerts
Describe scheduled reports
Configure scheduled reports
Describe alerts
Create alerts
View fired alerts
Module 12 – Using Pivot
Describe Pivot
Understand the relationship between data models and pivot
Select a data model object
Create a pivot report
Create an instant pivot from a search
Add a pivot report to a dashboard
Splunk Fundamentals 2
Course Topics
Transforming commands and visualization
Filtering and formatting results
Correlating events
Knowledge objects
Fields (Field aliases, field extractions, calculated fields)
Tags and event types
Macros
Workflow actions
Data models
Splunk Common Information Model (CIM)
Class Format
Instructor-led lecture with labs, delivered via virtual classroom or at your site
Module 1 – Introduction
Overview of Buttercup Games Inc.
Lab environment
Module 2 – Beyond Search Fundamentals
Search fundamentals review
Case sensitivity
Using the job inspector to view search performance
Module 3 – Using Transforming Commands for Visualizations
Explore data structure requirements
Explore visualization types
Create and format charts and timecharts
Module 4 – Using Mapping and Single Value Commands
The iplocation command
The geostats command
The geom command
The addtotals command
Module 5 – Filtering and Formatting Results
The eval command
Using the search and where commands to filter results
The fillnull command
Module 6 – Correlating Events
Identify transactions
Group events using fields
Group events using fields and time
Search with transactions
Report on transactions
Determine when to use transactions vs. stats
Module 7 – Introduction to Knowledge Objects
Identify naming conventions
Review permissions
Manage knowledge objects
Module 8 – Creating and Managing Fields
Perform regex field extractions using the Field Extractor (FX)
Perform delimiter field extractions using the FX
Module 9 – Creating Field Aliases and Calculated Fields
Describe, create, and use field aliases
Describe, create and use calculated fields
Module 10 – Creating Tags and Event Types
Create and use tags
Describe event types and their uses
Create an event type
Module 11 – Creating and Using Macros
Describe macros
Create and use a basic macro
Define arguments and variables for a macro
Add and use arguments with a macro
Module 12 – Creating and Using Workflow Actions
Describe the function of GET, POST, and Search workflow actions
Create a GET workflow action
Create a POST workflow action
Create a Search workflow action
Module 13 – Creating Data Models
Describe the relationship between data models and pivot
Identify data model attributes
Create a data model
Use a data model in pivot
Module 14 – Using the Common Information Model (CIM) Add-On
Describe the Splunk CIM
List the knowledge objects included with the Splunk CIM Add-On
Use the CIM Add-On to normalize data
Threat Detection with Splunk
8,000,000 Toman