Practical Splunk for Beginners

Hands-on approach to learning the Splunk platform to search, report, and visualize machine-generated data.

Practical Splunk for Beginners LiveLessons provides you with functional, hands-on instruction on how to create data intelligence from machine-generated data.

About the Instructor

Karun Subramanian is an IT operations expert focusing on modernizing monitoring and observability. With over 20 years of experience, Karun has helped numerous companies transform their IT operations ecosystem. His expertise includes log aggregation, time series databases, cloud infrastructure, and machine data analytics. He is a Splunk Certified Architect. Karun is the author of the book Practical Splunk Search Processing Language: A Guide for Mastering SPL Commands for Maximum Efficiency and Outcome.

Skill Level

Beginner to Intermediate

Learn How To

  • Search using Search Processing Language (SPL)
  • Group and correlate events
  • Perform statistical calculations from search results
  • Visualize data using charts
  • Create reports and alerts
  • Create dashboards
  • Use lookups to enhance search results

Who Should Take This Course

  • Users in the IT Operations area who need to use Splunk for monitoring and troubleshooting their applications and infrastructure
  • Application developers and architects who want to analyze application log files
  • Security professionals who use Splunk as a SIEM platform

Course Requirements

  • Basic Linux commands
  • Basic SQL queries

Lesson Descriptions:

Lesson 1: The Splunk Platform

In this lesson Karun covers the basics of the Splunk platform. You learn what Splunk is and why organizations use it. He reviews the various components that make up the Splunk platform and covers the roles of a Splunk search head and an indexer. He also covers the practical ways Splunk can be used in your organization. Finally, Karun shows you how to install and set up Splunk in your own local environment. Learning is a lot easier and more fun when you have your own Splunk environment. By the end of the lesson you will have a good understanding of the Splunk platform, setting you up for further learning and effective use.

Lesson 2: Search Processing Language

This lesson dives into the Splunk Search Processing Language, also known as SPL, which is the backbone of the Splunk platform. Karun presents the Splunk search interface by walking you through the Splunk Web Search and Reporting app. Then he moves on to exploring the structure and syntax of an SPL query. Karun talks about the components you can use in an SPL query, such as wildcards, key-value pairs, Boolean expressions, and the all-powerful pipe. Finally, you start to run your own searches. Karun reviews plenty of examples that cover various aspects of an SPL query. By the end of this lesson you will have learned how to run simple SPL queries to retrieve data from Splunk.

Lesson 3: Creating Statistics

In Lesson 3 you learn one of the most useful functions of Splunk—creating statistics out of your machine data. Karun starts by exploring how to use the stats command. He then works through many examples of the stats command, and you learn how to use its mathematical functions. You then learn one of the most heavily used commands in SPL, eval. Using eval, you learn how to create and manipulate field values. Finally, you learn how to plot metrics against time using the timechart command. By the end of this lesson, you will know how to use stats, eval, and timechart to produce useful data intelligence from your machine data.

Lesson 4: Fields and Field Extractions

Fields enable you to tailor your searches. Fields are searchable key-value pairs in your data. First, Karun covers fields in general and then turns to how they are used in Splunk. Next, he explores how to use the field extraction wizard, a menu-driven GUI that lets you create fields without having to type regular expressions. Finally, Karun covers the rex command, with plenty of examples of extracting fields using SPL. Learning to use the rex command will come in very handy when you have to manually extract fields from your data. By the end of this lesson you will have learned how to extract and use fields in your data.

Lesson 5: Grouping Events and Using Lookups

In this lesson, you learn even more ways to explore and enhance your machine data using Splunk. First, you learn the techniques you can use to group and correlate data by exploring the transaction command. Next, you learn how to use the join and append family of SPL commands, which can be extremely helpful for correlating data. Finally, you learn to use one of the most widely used knowledge objects, lookups, to enhance your search results. Karun creates a lookup table from scratch using the Splunk tutorial data. By the end of this lesson you will have learned how to group and correlate data and how to use lookups in Splunk effectively.

Lesson 6: Creating Reports and Alerts

In Lesson 6 you get into applying what you've learned in the previous lessons. In this lesson, you learn all about reports and alerts. First, you learn how to create reports from your search results. Then, you learn how to save and schedule your reports, including how to use cron to schedule them. By scheduling a report, you can have the results emailed to you automatically. Finally, you learn how to create Splunk alerts. Karun covers how to schedule an alert and configure its threshold and trigger actions. By the end of this lesson, you will have thorough knowledge of how to create Splunk reports and alerts.

Lesson 7: Creating Dashboards

In this final lesson, you learn how to create stunning dashboards using various Splunk visualizations. First, Karun has you create a basic dashboard from your search results. He covers the various aspects of a dashboard, such as panels and Simple XML code. You then learn how to configure drilldowns in your dashboards. Drilldowns add interactivity to your dashboards, and Karun shows you how easy it is to create a dynamic drilldown that captures information from users' clicks. Finally, you learn how to add even more interactivity to your dashboards with input panels, using a drop-down menu as an example. Input panels let you add controls such as radio buttons, multi-select lists, and text fields. By the end of this lesson you will have learned how to create useful and beautiful Splunk dashboards to make use of your data.