SPLK-CKNOB - Creating Knowledge Objects
SPLK-CKNOB - Creating Knowledge Objects
Overview
Duration: 3.0 hours
This three-hour course is for knowledge managers who want to learn how to create knowledge objects for their search environment using the Splunk web interface. Topics will cover types of knowledge objects, the search-time operation sequence, and the processes for creating event types, workflow actions, tags, aliases, search macros, and calculated fields.
Objectives
Please refer to course overview
Content
Topic 1 – Knowledge Objects & Search-time Operations
- Understand role of knowledge objects for enriching data
- Define search-time operation sequence
Topic 2 – Creating Event Types
- Define event types
- Create event types using three methods
- Tag event types
- Compare event types and reports
Topic 3 – Creating Workflow Actions
- Identify what are workflow actions
- Create a GET, POST, and search workflow action
- Test workflow actions
Topic 4 – Creating Tags and Aliases
- Describe field aliases and tags
- Create field aliases and tags
- Search with field aliases and tags
Topic 5 – Creating Search Macros
- Explain search macros
- Create macros with and without arguments
- Validate macro arguments
- Use and preview macros at search time
- Create and use nested macros
- Use macros with other knowledge objects
Topic 6 – Creating Calculated Fields
- Explain calculated fields
- Create a calculated field
- Use a calculated field in search
Audience
Knowledge Managers
Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Knowledge Objects
Certification
Lịch khai giảng
Form đăng ký
Các khóa đào tạo Splunk khác
Cơ hội nhận ưu đãi học phí lên tới 60%
Đăng ký tư vấn
cùng đội ngũ chuyên gia Trainocate!!
Xác nhận gửi thành công
Cảm ơn bạn đã để lại thông tin.
Đội ngũ chuyên gia của Trainocate đang trong quá trình xác nhận thông tin và sẽ kết nối với bạn trong vòng 24 giờ.
Bản quyền thuộc về Trainocate Việt Nam