CVF 2072 - Visualization and Reporting for Big Data
Credits: 3
Hours/Week: Lecture 2 Lab 1
Course Description: This course builds on basic search and reporting skills to chart and visualize data. It focuses on more advanced search and reporting commands. It provides students with an opportunity to create reports as well as complex dashboards, forms, and visualizations. Students are guided step-by-step through complex searches to produce multiple types of graphs and customized visualizations. This course employs both “open source technology” (Hadoop) and “commercial technology” (Splunk).
MnTC Goals: None
Prerequisite(s): CVF 1072 or CVF 2071 with a grade of C or higher, or instructor consent.
Corequisite(s): None
Recommendation: None
Major Content
1. Beyond Search Fundamentals
- Proper case in searches
- Splunk’s search process
- Search inspector
2. Using Sub-Searches
- Sub-searches - Matching values
- Sub-search - Non-matching values
3. Using Advanced Statistics
- Statistical functions
- Appendpipe command
- Streamstats and eventstats commands
4. Using Data Manipulation and Filtering
- Data manipulation functions:
  - bin
  - xyseries
  - foreach
- Data filtering search commands:
  - where functions: like, isnull
  - eval functions: strftime, upper, case, replace
5. Using Advanced Charting
- Advanced charting commands and functions:
  - untable
  - addtotals
  - append and appendcols
6. Using Advanced Transactions
- Events logged - Before
- Events logged - After
- Complete transactions
- Analyze transactions
7. Sorting, Searching, and Reformatting Time
- Event searching - Custom time ranges
- Event searching - Window of time
- Event searching - Relative dates
- Return command
8. Using Advanced Lookups
- Lookup table
- Baseline lookup table
9. Introduction to Views
- Views - Definition
- Views - Best practices
- Common information model
- Splunk CIM
10. Adding Content
- Data structure requirements
- Primary transforming commands
- Dashboard performance
- Acceleration
11. Editing XML
- Simple XML syntax
- Categories of panels
- Types of panel objects
- Post-process searches
- Charts
12. Using Tokens
- Form inputs
- Tokens and filters
- Cascading menus
- Dynamic drilldowns
13. Customizing Dashboards
- Simple XML extensions
- Search managers
- Custom visualizations
- Autodiscovery
Learning Outcomes
At the end of this course, students will be able to:
- use the proper case in searches.
- describe Splunk’s search process.
- use the search inspector to view search performance.
- use sub-searches to correlate data by finding events that match given criteria.
- display the array data model of an image with graphical representations.
- use statistical functions in Splunk: min, max, mean, median, and standard deviation.
- use the appendpipe, streamstats and eventstats commands.
- use eval, where, bin, xyseries, foreach, filtering commands and functions.
- use untable, addtotals, append, and appendcols charting commands and functions.
- find a suspicious event using the transaction function in Splunk.
- search for events using custom time ranges.
- use the return command to pass values up from a sub-search.
- build a baseline lookup table and reference the baseline values in alerts.
- identify best practices for creating views.
- define the common information model.
- normalize data to the Splunk common information model.
- define data structure requirements.
- identify the primary transforming commands.
- describe methods to improve dashboard performance.
- define the simple XML syntax.
- name categories of panels.
- identify types of panel objects.
- identify types of form inputs.
- use tokens and filters.
- create cascading menus and dynamic drilldowns.
- use simple XML extensions to customize Splunk dashboards.
- identify types of search managers.
Competency 1 (1-6) None
Competency 2 (7-10) None