rdmershon / pretty-good-beginner-splunk-course Goto Github PK

• team background ETL Development mostly done on SQL
• loading batch files from clients to Data warehouse
• currently using splunk ( FTP logs, system event logs ) -> Other potentials ( logins -> whose logged in but not badged in? )
• Gain more expertise with the tool ( Alerting and Responding ) -> Cron jobs examples for running and reacting to events
• Alerting and Monitoring Production Events
• Digital Books ( ensure private hosting of materials; zip )

PRAC APP:

• Day 1 Admin, Lab Setup, Definitions and Data Loading
• Day 2 Queries,Reporting, and Alerting ( Results known )
• Day 3 Adv Queries, Reporting, and Alerting ( Logs pulled from an environment under seige )
  • Automation
  • ML Tool Kit
  • Security Playbook

• Introduction

• What is Splunk?

• Basic Searching

• Using Fields in Searches

• Search Language Fundamentals

• Using Basic Transforming Commands

• Creating Reports and Dashboards

• Datasets and the Common Information Model

• Creating and Using Lookups

*. Creating Scheduled Reports and Alerts

*. Using Pivot

• Beyond Search Fundamentals

• Using Transforming Commands for Visualizations

• Using Mapping and Single Value Commands

• Filtering and Formatting Results

• Correlating Events

• Introduction to Knowledge Objects

• Creating and Managing Fields

• Creating Field Aliases and Calculated Fields

• Creating Tags and Event Types

• Creating and Using Macros

• Creating and Using Workflow Actions

• Creating Data Models

• Using the Common Information Model (CIM) Add-On