Splunk
Data Models
- Level
- Intermediate
- Version
- 1.0
- Language
- EN
- Course code
- SP-SDM
Audience
- Knowledge Managers
Prerequisites
To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:
- How Splunk works
- Creating search queries
- Knowledge objects
Contents
This course is for knowledge managers who want to learn how to create and accelerate data models.
The course will cover datasets, designing data models, using the Pivot editor, and accelerating data models.
Outline
Module 1 - Introduce Data Model Datasets
- Explore data models
- Add event, search, and transaction datasets to data models
- Identify event object hierarchy and constraints
- Add fields based on eval expressions to transaction datasets
Module 2 - Design Data Models
- Create a data model
- Add root and child datasets to a data model
- Add fields to data models
- Add child datasets to a data model
- Test a data model
- Define permissions for a data model
- Upload/download a data model for backup and sharing
Module 3 - Create a Pivot
- Identify benefits of using Pivot
- Create and configure a Pivot
- Visualize a Pivot
- Save a Pivot
- Use Instant Pivot
- Access underlying search for Pivot
Module 4 - Accelerate Data Models
- Define ad-hoc and persistent data model acceleration
- Accelerate a data model
- Describe the role of tsidx files in data model acceleration
- Review considerations about data model acceleration