Course Overview
Expand your data science options by learning the Splunk platform. Find the information and insights you need more efficiently. Write optimized searches to get more out of your data. Understand how machine learning, transaction analysis and prediction can expand what you can do. Build and use knowledge objects like data models and lookups.
This Fast Start series is a bundle of 4 key modules with 28.5 hours of content delivered over four days.
This is a bundle of 4 key Courses:
Assessment methods:
- Pre-training knowledge check quiz (if applicable)
- Formative assessments during the training, through hands-on lab exercises at the end of each module, multiple-choice questions, scenario exercises, etc.
- Completion by each participant of a questionnaire and/or positioning questionnaire before and after the training to validate the acquisition of skills
Who should attend
- This course is designed for security practitioners who want to use Splunk Enterprise Security (ES)
- The course is designed for architects and systems administrators who want to install and configure Splunk Enterprise Security (ES)
Prerequisites
To be successful, students should have a solid understanding of the following courses:
- Splunk Power User Fast Start (POWER-U)
- plus Visualizations (SVZ) (e-learning only)
- plus Scheduling Reports & Alerts (SRA) (e-learning only)
- plus Search Under the Hood (SUH) (e-learning only)
- plus Intro to Knowledge Objects (IKO) (e-learning only)
or
- Intro to Splunk
- Using Fields
- Visualizations
- Working with Time
- Statistical Processing
- Comparing Values
- Result Modification
- Correlation Analysis
- Scheduling Reports and Alerts
- Search Under the Hood
- Intro to Knowledge Objects
Course Objectives
This course is a bundle of Leveraging Lookups and Subsearches (LLS), Search Optimization (SSO), Exploring and Analyzing Data with Splunk (EADS) and Splunk for Analytics and Data Science (SADS).
At the end of this fast track, you should be able to:
- Use lookup commands
- Add a subsearch
- Utilize the return command
- Optimize search
- Accelerate reports
- Accelerate data models
- Utilize the tstats command
- Utilize the analytics framework
- Explore and visualize data
- Clean and preprocess data
- Perform numerical and string-based clustering
- Analyze data correlation
- Manage meta transactions
- Detect anomalies
- Conduct forecasting
- Apply regression for prediction
- Clean and preprocess data
- Implement algorithms, preprocessing, and feature extraction
- Cluster data
- Detect anomalies
- Conduct forecasting
- Perform classification
Course Content
Topic 1 – Using Lookup Commands
- Understand lookups
- Use the inputlookup command to search lookup files
- Use the lookup command to invoke field value lookups
- Use the outputlookup command to create lookups
- Invoke geospatial lookups in search
Topic 2 – Adding a Subsearch
- Define subsearch
- Use subsearch to filter results
- Identify when to use subsearch
- Understand subsearch limitations and alternatives
Topic 3 – Using the return Command
- Use the return command to pass values from a subsearch
- Compare the return and fields commands
Topic 4 – Optimize Search
- Understand how search modes affect performance
- Examine the role of the Splunk Search Scheduler
- Review general search practices
Topic 5 – Report Acceleration
- Define acceleration and acceleration types
- Understand report acceleration and create an accelerated report
- Reveal when and how report acceleration summaries are created
- Search against acceleration summaries
Topic 6 – Data Model Acceleration
- Understand data model acceleration
- Accelerate a data model
- Use the datamodel command to search data models
Topic 7 – Using the tstats Command
- Explore the tstats command
- Search acceleration summaries with tstats
- Search data models with tstats
- Compare tstats and stats
Topic 8 – What is Data Science
- Define terms related to analytics and data science
- Describe the analytics workflow
- Describe Artificial Intelligence and Machine Learning
- Examine common Machine Learning myths
- Describe Splunk’s Machine Learning tools
Topic 9 – Exploratory Data Analysis
- Use bin and makecontinuous to restructure and visualize data
- Examine field statistics with fieldsummary
- Transform fields with eval and fillnull
- Clean text with the rex and cleantext commands
- Solve Anscombe’s Quartet
- Apply boxplots and 3D scatterplots to visualize data
Topic 10 – Event Clustering
- Take a behavior-based approach to clustering data
- Cluster numerical fields using the kmeans command
- Cluster based on string similarity with the cluster command
- Find patterns in clusters
Topic 11 – Correlations and Transactions
- Define correlation and co-occurrence
- Use SPL correlation commands
- Use the statistical tests from the Machine Learning Toolkit to correlate fields
- Use streamstats and chart commands to correlate data
Topic 12 – Anomaly Detection
- Define Statistical Outliers
- Use ad-hoc methods of numerical anomaly detection
- Find numerical or categorical anomalies with the anomalydetection command
Topic 13 – Forecasting
- Define forecasting use cases
- Use the predict command to forecast future timeseries
Teaching methods: