Creating Knowledge Objects (CKO) – Contenuti

Contenuti dettagliati del Corso

Module 1 – Knowledge Objects & Search-time Operations

• Understand role of knowledge objects for enriching data
• Define search-time operation sequence

Module 2 – Create Event Types

• Define event types
• Create event types using three methods
• Use event types
• Find event types
• Tag event types
• Compare event types and reports

Module 3 – Create Workflow Actions

• Administer Splunk user roles
• Integrate Splunk with LDAP, Active Directory, or SAML

Module 4 – Create Tags and Aliases

• Describe field aliases
• Create field aliases
• Search with field aliases
• Define tags
• Create and view tags
• Search with tags
• Manage tags

Module 5 – Create Search Macros

• Define macros
• Create macros with and without arguments
• Validate macro arguments
• Use and preview macros at search time
• Use nested macros
• Use macros with other knowledge objects
• Use tags/event types with macros
• Create macros: considerations

Module 6 – Create Calculated Fields

• Explain calculated fields
• Create a calculated field
• Use a calculated field