Creating Knowledge Objects

This three-hour course is for knowledge managers who want to learn how to create knowledge objects for their search environment using the Splunk web interface. Topics will cover types of knowledge objects, the search-time operation sequence, and the processes for creating event types, workflow actions, tags, aliases, search macros, and calculated fields.

Utbildningsformer
Remote

Längd
timmar

Pris
5075 kr

Knowledge Managers

Knowledge Objects and Search-time Operations

Creating Event Types

Using Event Type Builder

Creating Workflow Actions

Creating Tags and Aliases

Creating Serach Macros

To be successful, students should have a solid understanding of the following:

How Splunk works

Knowledge Objects

Topic 1 - Knowledge Objects and Search-time Operations

Understand role of knowledge objects for enriching data

Define search-time operation sequence

Topic 2 - Creating Event Types

Define event types

Create event types using three methods

Tag event types

Compare event types and reports

Topic 3 - Creating Workflow Actions

Identify what are workflow actions

Create a GET, POST, and search workflow action

Test workflow actions

Topic 4 - Creating Tags and Aliases

Describe field aliases and tags

Create field aliases and tags

Search with field aliases and tags

Topic 5 - Creating Search Macros

Explain search macros

Create macros with and without arguments

Validate macro arguments

Use and preview macros at search time

Create and use nested macros

Use macros with other knowledge objects

Topic 6 - Creating Calculated Fields

Explain calculated fields

Create a calculated field

Use a calculated field in search

Utbildningen levereras i samarbete med:

Dela: