Overview

This eLearning course gives students additional insight into how Splunk processes searches. Students will learn about Splunk architecture, how components of a search are broken down and distributed across the pipeline, and how to troubleshoot searches when results are not returning as expected.

Skills Covered

Please refer to course overview.

Prerequisites

  • Intro to Splunk eLearning course

Target Audience

Everyone can attend.

Course Curriculum

Module 1: Investigating Searches

  • Use the Search Job Inspector to examine how a search was processed and troubleshoot performance
  • Use SPL commenting to help identify and isolate problems

Module 2: Splunk Architecture

  • Understand the role of search heads, indexers, and forwarders in a Splunk deployment
  • Understand how the components of a bucket (.tsidx and journal.gz files) are used
  • Understand how bloom filters are used to improve search speed

Module 3: Streaming and Non-Streaming Commands

  • Describe the parts of a search string
  • Understand the use of centralized vs. distributable commands
  • Create more efficient searches

Module 4: Breakers and Segmentation

  • Understand how segmenters are used in Splunk
  • Use lispy to reduce the number of events read from disk

Module 5: Commands and Functions for Troubleshooting

  • Use the fieldsummary command
  • Use the makeresults command
  • Use information functions with the eval command
    • the isnull function
    • the typeof function

Exam & Certification

This course is not associated with any Certification.

All courses are HRD Claimable.