Detailed Course Outline
Topic 1 – Introduction
- Describe the "Three Pillars of Observability"
- Explain how Splunk navigates between the three data types
- Explain at a high level how Splunk collects each data type
- Explain what a no-code search is
- Describe some use cases for the Log Observer
Topic 2 – Log Observer Basics
- Use the Log Observer to view trends in logs over time
- Use an aggregation function to summarize log data
- Browse fields and top values for logs
- Create a set of filters from field data
- Change the time range for logs displayed
- Describe the relationship between the four parts of the Log Observer Interface
Topic 3 – Advanced Searching
- Add multiple search filters using field values and keywords
- Create and tag Saved Queries
- Create visualizations from aggregate log data
- Segment visualization using group by
- Use search-time rules to temporarily transform incoming data
- View and configure Live Tail mode
- Restrict time windows for viewing log data in various ways
Topic 4 – Managing Data Pipelines
- Describe the data processing pipeline and data indexing
- Explain some use cases for data processing rules
- Describe the rule types
- Differentiate between index-time and search-time rules
- Add a rule to the pipeline or edit an existing rule
- Create synthetic metrics from log data
- Create rules to determine which data is indexed versus archived (Infinite Logging)
Topic 5 – Getting Data In
- Explain field types in the Log Observer
- Describe the various ways to bring log data into Splunk Observability
- Name some of the ways that log data is enriched
- Differentiate between log messages and metadata
- Describe how metadata is stored and accessed on log messages