Splunk
Correlation Analysis
- Level
- Intermediate
- Version
- 1.0
- Language
- EN
- Course code
- SP-SCLAS
Audience
- Users/Analysts
- Administrators
- Engineers
Prerequisites
To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:
- Intro to Splunk
- Using Fields (SUF)
- Visualizations
- Working with Time (WWT)
- Statistical Processing (SSP)
- Comparing Values (SCV)
- Result Modification (SRM)
- Scheduling Reports and Alerts
- Introduction to Dashboards (ITD)
Contents
This course is designed for Splunk power users who want to calculate co-occurrence between fields and analyze data from multiple datasets.
You will learn how to use the transaction, append, appendcols, union, and join commands to correlate events and combine data from various sources.
Outline
Topic 1 - Calculate Co-Occurrence Between Fields
- Understand transactions
- Explore the transaction command
Topic 2 - Analyze Multiple Data Sources
- Understand subsearch
- Use the append, appendcols, union, and join commands to combine, analyze, and compare multiple data sources