Splunk by Cisco
General
The Splunk Platform
Statistical Processing (SP-SSP)
Duration: 1 DayAbout the course
This course is for Splunk users, analysts, and administrators who want to advance their data analysis skills using Splunk’s statistical commands. This course covers essential statistical functions and commands such as stats, eventstats, streamstats, and tstats with a focus on summarizing, analyzing, and reporting on large datasets.
Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Creating search queries
Course Objectives
To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:
- Intro to Splunk
- Using Fields (SUF)
- Visualizations (SVZ)
- Working with Time (WWT)
Course content
Module 1 - What is a Data Series
- Introduce data series
- Explore the difference between single-series, multi-series, and time series data series
Module 2 - Transforming Data
- Use the chart, timechart, top, rare, and stats commands to transform events into data tables
Module 3 – Statistical Aggregation with the stats Command
- Define aggregation
- Explore the stats command and eight of its functions
Module 4 – Manipulating Data with the eval Command
- Explore the eval command
- Explore and perform calculations using mathematical and statistical eval functions
- Perform calculations and concatenations on field values
- Use the eval command as a function with the stats command
Module 5 – Formatting Data
- Use the rename command
- Use the sort command
Who Should Attend
- Users/Analysts
- Administrators
- Engineers