This is a hands-on workshop that focuses on Splunk as a platform and the ability to onboard data into Splunk. This workshop explores the various ways to gather inputs, best practices and the various methods to bring data into Splunk, including, Collecting Data Indexing Best Practices, Field extraction and CIM compliance.

Who should attend? Splunk administrators responsible for onboarding data, creating knowledge objects and eventually building TA. Ideally, you should be familiar with Splunk and its main principles. We will not explain Splunk basics during this workshop - we jump directly on how to do things and apply best practices.

Prerequisites: None

Duration: Three hours


DO NOT EDIT