6.1 More to Learn


Time
1 hour 59 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
>> Hi. Before we begin our next and last video, which will be a review of the topics covered in this course, I wanted to discuss some other areas of study. We've learned a lot in a short amount of time, but there is still so much more Splunk has to offer and so much more you're able to learn. In this video, I'll introduce some topics that I won't fully explain. This is intended to help you look for things to study on your own.

As a reminder, Splunk does offer its own courses. Their first course is free and I highly recommend that as a next step after finishing this one. It gets more in-depth with search language, timing, and it introduces some concepts we haven't covered, such as macros and lookups.

Running better and more complex searches is also a great next step. We just touched the surface of what you can do. Splunk.com has a great reference guide for learning other search commands. A fillnull command, for example, can replace an empty field value with the value you want. The makemv command can split field values. Lookup tables can store lists of information to compare to search results and do many other things. Search macros are portions of searches that can be reused and applied in other searches. Summary indexing involves writing search or report results to a unique index that can help improve reporting efficiency, and it has other uses. The Common Information Model helps you normalize data by having field name and event tag standards that apply to different source types. Again, this doesn't cover anywhere near everything, but gives you some good ideas.

A few ideas to study next around architecture could be understanding how to set up a distributed Splunk environment, and how to set up a clustered environment. Learning more about Splunk data storage, including buckets, and getting familiar with the files and file structure used by Splunk could be another good direction. You may also want to study how to load balance, such as having a forwarder be able to send to multiple indexers in case one is unreachable. There's a lot to learn about hardware planning and best practices for Splunk. You'll likely also want to spend some time browsing the many different apps and add-ons available on Splunkbase. You may want to learn how to create your own apps.

As you use Splunk more, you'll find the need to troubleshoot various problems that come up. You might learn to use the command line tool called btool to help troubleshoot configuration file issues. You could look at the Job Inspector to try and evaluate search performance. You could dig into splunkd or crash logs to try and identify issues. You may also want to learn more about Splunk licensing, how to make intelligent purchases for your company, and lead Splunk-related projects. You might also want to learn more about other Splunk products, and identify ways to automate and streamline business activities.

These are just a few ideas. You've already learned a lot and you should have a good foundation for moving forward with your Splunk goals. In our next video, we'll have a final review.
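The search commands the instructor names above (fillnull, makemv, and lookup tables) put together in one SPL pipeline, as an added example that is not part of the course video or of any Splunk documentation. It assumes an index `auth` with a source type `ssh_auth` whose failed-login events carry `user`, `src_ip` and a comma-separated `tags` field, plus a lookup definition named `asset_inventory` with columns `ip`, `hostname`, `owner` and `criticality`; all of those names are constructed for illustration.

```spl
index=auth sourcetype=ssh_auth action=failure
| fillnull value="unknown" user src_ip
| makemv delim="," tags
| lookup asset_inventory ip AS src_ip OUTPUTNEW hostname owner criticality
| fillnull value="unmanaged" hostname owner criticality
| stats count AS failures, dc(user) AS distinct_users, values(tags) AS tags BY src_ip hostname owner criticality
| where failures > 20
| sort - failures
```

The first fillnull keeps events with a missing user or source address from silently dropping out of the later `stats ... BY` grouping; the second fillnull runs after the lookup so that sources absent from the asset list show up as `unmanaged` rather than disappearing, which is usually the more interesting case for a defender reviewing failed logins. makemv turns the delimited `tags` string into a multivalue field so `values(tags)` lists each tag once instead of repeating whole strings.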