Contenuti dettagliati del Corso
Module 1 – Knowledge Objects & Search-time Operations
- Understand role of knowledge objects for enriching data
- Define search-time operation sequence
Module 2 – Create Event Types
- Define event types
- Create event types using three methods
- Use event types
- Find event types
- Tag event types
- Compare event types and reports
Module 3 – Create Workflow Actions
- Administer Splunk user roles
- Integrate Splunk with LDAP, Active Directory, or SAML
Module 4 – Create Tags and Aliases
- Describe field aliases
- Create field aliases
- Search with field aliases
- Define tags
- Create and view tags
- Search with tags
- Manage tags
Module 5 – Create Search Macros
- Define macros
- Create macros with and without arguments
- Validate macro arguments
- Use and preview macros at search time
- Use nested macros
- Use macros with other knowledge objects
- Use tags/event types with macros
- Create macros: considerations
Module 6 – Create Calculated Fields
- Explain calculated fields
- Create a calculated field
- Use a calculated field