SPLK-WTIME - Working with Time

Overview

Duration: 3.0 hours

This three-hour course is for power users who want to become experts at using time in searches. Topics will focus on searching and formatting time in addition to using time commands and working with time zones.

Objectives

Please refer to course overview

Audience

Search Experts Knowledge Managers

Content

Topic 1 – Searching with Time

Understand the_time field and timestamps
View and interact with the event Timeline
Use the earliest and latest time modifiers
Use the bin command with the _time field

Topic 2 – Formatting Time

Use various date and time eval functions to format time

Topic 3 – Using Time Commands

Use the timechart command
Use the timewrap command

Topic 4 – Working with Time Zones

Understand how time and timezones are represented in your data
Determine the time zone of your server
Use strftime to correct timezones in results

Prerequisites

To be successful, students should have a solid understanding of the following:

How Splunk works
Creating Search queries
The eval command

Certification

Schedule

Enquire Now

By clicking "Submit", I agree to the Terms Of Use and Privacy Policy

➤