SPLK-CKNOB - Creating Knowledge Objects

This three-hour course is for knowledge managers who want to learn how to create knowledge objects for their search environment using the Splunk web interface. Topics will cover types of knowledge objects, the search-time operation sequence, and the processes for creating event types, workflow actions, tags, aliases, search macros, and calculated fields.

Code: splk-cknob

Duration: 3.0 hours

Objectives

  • Knowledge Objects and Search-time Operations
  • Create Event Types
  • Create Workflow Actions
  • Create Tags and Aliases
  • Create Search Macros
  • Create Calculated Fields

Content

Topic 1 – Knowledge Objects & Search-time Operations

  • Understand the role of knowledge objects in enriching data
  • Define the search-time operation sequence

Topic 2 – Create Event Types

  • Define event types
  • Create event types using three methods
  • Use event types
  • Find event types
  • Tag event types
  • Compare event types and reports

Topic 3 – Create Workflow Actions

  • Identify what workflow actions are
  • Create a GET, POST, and search workflow action
  • Test workflow actions

Topic 4 – Create Tags and Aliases

  • Describe field aliases
  • Create field aliases
  • Search with field aliases
  • Define tags
  • Create and view tags
  • Search with tags
  • Manage tags

Topic 5 – Create Search Macros

  • Define macros
  • Create macros with and without arguments
  • Validate macro arguments
  • Use and preview macros at search time
  • Use nested macros
  • Use macros with other knowledge objects
  • Use tags/event types with macros
  • Create macros: considerations

Topic 6 – Create Calculated Fields

  • Explain calculated fields
  • Create a calculated field
  • Use a calculated field

Audience

  • Splunk Administrator
  • Developer
  • User
  • Knowledge Manager
  • Architect

Prerequisites

To be successful, students should have completed the following courses:

  • Search Under the Hood
  • Multi-value Fields

Course Benefits

  • Career growth
  • Broad career opportunities
  • Worldwide recognition from leaders
  • Up-to-date technical skills
  • Popular certification badges

Splunk Popular Courses

splk-sefs

This "Fast Start" course covers over 60 commands and functions and prepares students to be search experts.

splk-iiss

This course prepares security practitioners to use SOAR to respond to security incidents.

splk-dyd

This course focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.

splk-introdyd

This course focuses on dashboard creation, including prototyping, the dashboard definition, layout types, adding visualizations, and dynamic coloring.