Splunk
Comparing Values
- Level: Intermediate
- Version: 1.0
- Language: EN
- Course code: SP-SCV
Audience
- Users/Analysts
- Administrators
- Engineers
Prerequisites
To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:
- Intro to Splunk
- Using Fields (SUF)
- Visualizations
- Working with Time (WWT)
- Statistical Processing (SSP)
Contents
This course is designed for Splunk users, analysts, and administrators who want to compare and analyze datasets. You will use the eval, where, and if commands, along with the like and case functions to compare and visualize datasets.
Outline
Module 1 - Using eval to Compare
- Explore the eval command
- Explain evaluation functions
- Identify and use comparison, conditional, and text functions
- Normalize data with the case function
- Use the fieldformat command to format field values
Module 2 - Filtering with where & Managing Missing Data
- Use the where command to filter results
- Use wildcards with the where command
- Filter fields with the information functions, isnull and isnotnull
- Manage missing data with the fillnull command
