I sometimes have to use Splunk at work and the truth is that, except for some basic queries, I had no clue how it works, so after a colleague mentioned he was going to go through Udemy's The Complete Splunk Beginner Course, I also decided to give it a try.
The results are not bad: it covers all the fundamentals and basic pillars, like setting it up and querying and visualizing data, so you get to know how it gathers the data, why some field might not be displayed correctly, and other informational bits that can come in handy. My main focus was on searching, reporting and visualizing and, while some examples are gone through so quickly that I had to watch them twice or pause the video to properly read the search query or terms used, it covers most of the options, from pipelining queries into commands to generating tables or charts, plus specific examples of dealing with time series (one of the most common use cases).
The examples are not bad, although I'd have preferred to see a sample of ingesting and parsing an Nginx log rather than Windows security audit logs, which, yes, include some relevant fields but also huge chunks of XML that are useless by default; on the other hand, the author provides a "homework dataset" of useful CSV sample data to ingest and play with.
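As an added example, not taken from the course or written by its author, here is the kind of pipelined search the review refers to, applied to the Nginx access log I would have liked to see covered. It assumes an index named `web` and a sourcetype named `nginx:access` (both hypothetical names chosen for the example) and that the log uses Nginx's default "combined" format, so the fields are pulled out of `_raw` with `rex` before being aggregated into a 5-minute time series by HTTP status class:

```spl
index=web sourcetype="nginx:access"
| rex field=_raw "^(?<client_ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] \"(?<method>\S+) (?<uri>\S+) (?<proto>\S+)\" (?<status>\d{3}) (?<bytes>\S+)"
| eval status_class=substr(status,1,1)."xx"
| timechart span=5m count BY status_class
```

Each `|` hands the results of the previous stage to the next command, which is the pipelining the course spends most of its search section on. If the sourcetype definition already extracts these fields at search time, the `rex` line is unnecessary. Swapping the last line for `stats count BY client_ip, status_class` turns the same extraction into a plain table instead of a chart, and adding `| where status_class="5xx"` before the aggregation narrows it to server errors only.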
It is a complete course, a bit short (3 hours), but the word "beginner" is clearly stated in the title and it covers quite some ground, so it is a good intro to this monitoring tool.
Tags: Reviews