Using the Splunk Log Observer (USLO)

 

Contenu

This 4.5-hour module describes how to use the tool to work with log data using the no-code user interface. Learn to create, save, and share search filters, and to investigate the shape of your log data. Analyze logs with aggregation functions and group by rules. Create rules to manipulate incoming data, and generate synthetic metrics from log data.

All concepts are taught using lectures and scenario-based hands-on activities.

A qui s'adresse cette formation

This module is designed for developers responsible for debugging their own applications, and for SREs responsible for troubleshooting performance issues. The Splunk Log Observer is built primarily for DevOps teams working on applications built on modern tech stacks (containerized microservices). However, the module can be taken by anyone who wants to view recent log data in a no-code environment.

Pré-requis

Prior experience with Splunk Infrastructure Monitoring and/or Splunk APM is recommended

Objectifs

  • View log data
  • Describe how log data is parsed and structured in the tool
  • Create filters for log data; save and reuse these filters
  • Investigate the shape of log data with the Log Observer
  • Analyze data with aggregation functions and group by rules
  • Manage the data pipeline using rules
  • Describe ways to get data in

Outline: Using the Splunk Log Observer (USLO)

Topic 1 – Introduction

  • Describe the "Three Pillars of Observability"
  • Explain how Splunk navigates between the three data types
  • Explain at a high level how Splunk collects each data type
  • Explain what a no-code search is
  • Describe some use cases for the Log Observer

Topic 2 – Log Observer Basics

  • Use the Log Observer to view trends in logs over time
  • Use an aggregation function to summarize log data
  • Browse fields and top values for logs
  • Create a set of filters from field data
  • Change the time range for logs displayed
  • Describe the relationship between the four parts of the Log Observer Interface

Topic 3 – Advanced Searching

  • Add multiple search filters using field values and keywords
  • Create and tag Saved Queries
  • Create visualizations from aggregate log data
  • Segment visualization using group by
  • Use search time rules to temporarily transform incoming data
  • View and configure Live Tail mode
  • Restrict time windows for viewing log data in various ways

Topic 4 – Managing Data Pipelines

  • Describe the data processing pipeline and data indexing
  • Explain some use cases for data processing rules
  • Describe the rule types
  • Differentiate between index-time and search-time rules
  • Add a rule to the pipeline or edit an existing rule
  • Create synthetic metrics from log data
  • Create rules to determine which data is indexed vs being archived (Infinite Logging)

Topic 5 – Getting Data In

  • Explain field types in the Log Observer
  • Describe the various ways to bring log data into Splunk Observability
  • Name some of the ways that log data is enriched
  • Differentiate between log messages and metadata
  • Describe how metadata is stored and accessed on log messages

Prix & Delivery methods

Formation en ligne

Durée
0,5 jours

Prix
  • Online Training : CAD 635,–
  • Online Training : US$ 500,–
  • Splunk Training Credits : 50 SPC
Formation en salle équipée

Durée
0,5 jours

Prix
  • Canada : CAD 635,–
  • Splunk Training Credits : 50 SPC

Cliquez sur le nom de la ville ou sur « Formation en ligne » pour réserver Agenda

This is an Instructor-Led Classroom course
Instructor-led Online Training :   Cours en ligne avec instructeur
*   This class is delivered by a partner.

Etats-Unis

Formation en ligne 09:00 US/Pacific 2 jours Cette formation est réalisée par un partenaire S'inscrire