Splunk by Cisco
General
The Splunk Platform
Comparing Values (SP-SCV)
About the course
This course is designed for Splunk users, analysts, and administrators who want to compare and analyze datasets. You will use the eval, where, and if commands, along with the like and case functions to compare and visualize datasets.
Prerequisites
To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Visualizations (SVZ)
- Working with Time (WWT)
- Statistical Processing (SSP)
Course content
Module 1 - Using eval to Compare
- Understand the eval command
- Explain evaluation functions
- Identify and use comparison and conditional functions
- Use the fieldformat command to format field values
Module 2 - Filtering with where & Managing Missing Data
- Use the where command to filter results
- Use wildcards with the where command
- Filter fields with the information functions, isnull and isnotnull
- Manage missing data with the fillnull command
Who Should Attend
- Users/Analysts
- Administrators
- Engineers