WA2952 Operational Data Analytics with Splunk Training
This training course introduces the students to the Splunk Operational Data Analytics platform. About 70 percent of the course time is dedicated to hands-on exercises and projects that help the students gain practical experience of using Splunk in a variety of scenarios, including data onboarding and forwarding, real-time TCP port and directory monitoring, data querying and visualizations.
Online Virtual Class
Topics
- Splunk components
- Data sources
- SPL
- Forwarders
- Data visualizations
Audience
Data Engineers, Business Analysts, IT Architects, and Technical Managers
Prerequisites
Participants should have the general knowledge of programming using SQL as well as some experience working in UNIX environments (e.g. running shell commands, etc.)
Duration
Two days
Outline for Operational Data Analytics with Splunk Training
Chapter 1. Splunk Introduction
- Splunk Defined
- Splunk Products
- The Magic Quadrant for Security Information and Event Management (SIEM)
- Splunk Editions
- Deployment Options
- Common Components
- Splunk Admin Dashboard (Web UI)
- Events
- Data Indexing
- Distributed Splunk Indexing and Searching
- Architecture for a Multi-Tier Splunk Enterprise Deployment
- Summary
Chapter 2. Splunk Data Sources
- Data Source Types
- The Source Types Automatically Recognized by Splunk
- The "Pre-trained" Source Types
- Windows ® Data Sources
- Data Indexing
- Web UI for Adding Data to Indexer
- Web UI: Adding Data Flow for Local File Upload
- Web UI: Add Data for Monitoring
- Automatic Recognition of Data Source
- Where is My Uploaded File?
- Custom Event Format
- Summary
Chapter 3. Searching and Reporting with Splunk
- Data Searching
- Search Processing Language (SPL)
- Searching and Reporting Activities
- The Search Page
- Core Search Concepts
- Search Command Auto-Completion
- The Search Basics
- Search Command Categories
- Command Examples
- More Examples of Search Commands
- Statistical Commands
- Statistical and Time Functions
- From SQL to SPL - the Translation Table
- Visual Aids for Building Search Queries
- Visualizations
- Save Your Searches as Dashboards
- The Delete Operation
- How Do I Delete My Data?
- Summary
Chapter 4. Splunk Forwarders
- Flavors of Splunk Forwarders
- Forwarder Comparison Table (Abridged)
- The Splunk Forwarder Diagram
- Splunk Universal Forwarder (UF) Supported OSes
- UF Functions
- What UF Cannot Do
- Summary
Lab Exercises
Lab 1. Learning the Lab Environment
Lab 2. Local File Upload
Lab 3. Local File Upload Project
Lab 4. TCP Port Real-time Monitoring
Lab 5. Using Search and Reporting App
Lab 6. Querying for Insights
Lab 7. Understanding Universal Forwarders (For Review Only)
Lab 8. Using Universal Forwarders Project (For Review Only)
Lab 9. Data Visualization
Lab 10. Dealing with Missing Timestamps
Lab 11. The Delete Operation
Lab 12. vi Bare Essentials (Optional)