
SPLK-MVF - Multivalue Fields

Overview

Duration: 3.0 hours

This three-hour course is for power users who want to become experts in searching and manipulating multi-value data. Topics focus on using multi-value eval functions and multi-value commands to create, evaluate, and analyze multi-value data.

Objectives

  • What are Multi-value Fields?
  • Create Multi-value Fields
  • Evaluate Multi-value Fields
  • Analyze Multi-value Fields

Content

Topic 1 – What are Multi-value Fields?

  • Define multi-value fields
  • Define self-describing data
  • Understand how JSON data is handled in Splunk
  • Use the spath command to interpret self-describing data
  • Manipulate multi-value fields with mvzip and mvexpand
  • Convert single-value fields to multi-value fields with specific commands and functions

Topic 2 – Create Multi-value Fields

  • Create multi-value fields with the makemv command and the split function of the eval command

Topic 3 – Evaluate Multi-value Fields

  • Use the mvcount, mvindex, and mvfilter eval functions to evaluate multi-value fields

Topic 4 – Analyze Multi-value Data

  • Use the mvsort, mvzip, mvjoin, mvmap, and mvappend eval functions and the mvexpand command to analyze multi-value data

Audience

  • Splunk Administrator
  • Developer
  • User
  • Knowledge Manager
  • Architect

Prerequisites

To be successful, students should have completed the following courses:

  • Search Under the Hood
