Splunk Enterprise Administration: Parsing and Manipulating Data

This course teaches different methods of parsing and manipulating data in Splunk at index-time. It covers all aspects in the parsing phase of data and teaches you to customize the process through examining, analysing, and transforming the data.
Course info
Level: Advanced
Updated: Sep 28, 2020
Duration: 2h 21m
Table of contents
Course Overview
Event Processing in Splunk Enterprise
Configuring Event Line-breaking
Identifying and Parsing Timestamps
Overriding Default Fields and Custom Fields Extraction
Routing and Filtering Events
Manipulating Raw Data
Description

Data onboarding in an accurate and efficient manner is the key to timely and reliable monitoring and analysis in Splunk Enterprise.

In this course, Splunk Enterprise Administration: Parsing and Manipulating Data, you’ll learn different methods and techniques to parse and manipulate data at index-time in Splunk.

First, you’ll explore different techniques and options for parsing data while indexing, applying appropriate configuration settings.

Next, you’ll discover how to deal with situations that require extracting custom fields and timestamps as well as overriding the default fields.

Finally, you’ll learn how to route data to specific indexes and filter or mask the event data based on specific criteria.

When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise administration needed to deploy suitable techniques for handling, parsing and manipulating data as it is ingested into Splunk.

About the author

Muhammad Awan is a Senior Splunk Admin working in the public sector. He has been associated with Splunk and data science related technologies for a decade. He is a Splunk Certified Admin and Splunk Certified Power User, and holds the Microsoft Certified Solutions Expert and Microsoft Certified Solutions Associate (Office 365) MCSA (Messaging) certifications.

Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Muhammad Awan, and welcome to my course, Splunk Enterprise Administration: Parsing and Manipulating Data. I'm a senior Splunk administrator and technical lead at a government sector organization. In this course, we're going to learn in detail different techniques and methods to parse data at index time in Splunk Enterprise. We'll see how Splunk software identifies the event boundaries, recognizes and assigns timestamps, and extracts default and custom fields at index time. We'll learn how to customize these processes through configuration files, as well as filtering, routing, masking and modifying raw data before indexing. Some of the major topics that we'll cover include understanding and configuring event line breaking, parsing timestamps, extracting custom fields and overriding default fields, filtering and routing events, and masking and modifying raw event data. By the end of this course, you will know how to parse and manipulate an incoming stream of raw data, as well as routing it to multiple destinations before it is indexed. Before beginning the course, you should be familiar with basic Splunk administrative tasks as well as possess some knowledge of Splunk architectures. I hope you'll join me on this journey to learn parsing and modifying raw data with the Splunk Enterprise Administration: Parsing and Manipulating Data course at Pluralsight.