Course Code: 19044

Splunk Training - Operational Data Analytics

Class Dates:
2 Days
Class Time:
Instructor-Led Training, Virtual Instructor-Led Training


  • Course Overview
  • This 2-day Splunk training course introduces students to the Splunk Operational Data Analytics platform.

    Splunk is one of the first platforms to help make sense of log data. Splunk is not just a tool for IT Ops. It’s a tool for developers. In fact, it’s a tool for everyone who’s interested in using the power of data. There are a lot of use cases for Splunk, but first, you need to learn what it’s capable of and how to get the most out of it.

    This Splunk training course demonstrates through interactive hands-on practice how to search, analyze, and visualize data using Splunk.

    About 70 percent of this Splunk course time is dedicated to hands-on exercises and projects that help the students gain practical experience of using Splunk in a variety of scenarios, including data onboarding and forwarding, real-time TCP port and directory monitoring, data querying and visualizations.

  • Audience
  • Data Engineers, Business Analysts, IT Architects, and Technical Managers


Course Details

  • Chapter 1. Splunk Introduction
  • Splunk Defined
  • Splunk Products
  • The Magic Quadrant for Security Information and Event Management (SIEM)
  • Splunk Editions, Deployment Options
  • Common Components
  • Splunk Admin Dashboard (Web UI)
  • Events
  • Data Indexing
  • Distributed Splunk Indexing and Searching
  • Architecture for a Multi-Tier Splunk Enterprise Deployment
  • Chapter 2. Splunk Data Sources
  • Data Source Types
  • The Source Types Automatically Recognized by Splunk
  • The “Pre-trained” Source Types
  • Windows® Data Sources, Data Indexing
  • Web UI for Adding Data to Indexer
  • Web UI: Adding Data Flow for Local File Upload
  • Web UI: Add Data for Monitoring
  • Automatic Recognition of Data Source
  • Where is My Uploaded File?
  • Custom Event Format
  • Chapter 3. Searching and Reporting with Splunk
  • Data Searching, Search Processing Language (SPL)
  • Searching and Reporting Activities
  • The Search Page, Core Search Concepts
  • Search Command Auto-Completion, The Search Basics
  • Search Command Categories, Command Examples
  • More Examples of Search Commands
  • Statistical Commands, Statistical and Time Functions
  • From SQL to SPL – the Translation Table
  • Visual Aids for Building Search Queries
  • Visualizations, Save Your Searches as Dashboards
  • The Delete Operation
  • How Do I Delete My Data?
  • Chapter 4. Splunk Forwarders
  • Flavors of Splunk Forwarders
  • Forwarder Comparison Table (Abridged)
  • The Splunk Forwarder Diagram
  • Splunk Universal Forwarder (UF) Supported OSes
  • UF Functions
  • What UF Cannot Do
  • Lab Exercises
  • Lab 1. Learning the Lab Environment
  • Lab 2. Local File Upload
  • Lab 3. Local File Upload Project
  • Lab 4. TCP Port Real-time Monitoring
  • Lab 5. Using Search and Reporting App
  • Lab 6. Querying for Insights
  • Lab 7. Understanding Universal Forwarders (For Review Only)
  • Lab 8. Using Universal Forwarders Project (For Review Only)
  • Lab 9. Data Visualization
  • Lab 10. Dealing with Missing Timestamps
  • Lab 11. The Delete Operation
  • Lab 12. vi Bare Essentials (Optional)