Duration 2 days – 14 hrs
Overview
This hands-on course provides an introduction to Splunk, a powerful platform for searching, monitoring, and analyzing machine-generated data. The training focuses on how developers and QA professionals can leverage Splunk to gain insights from logs and metrics, improve application observability, detect anomalies, and support test validation. Participants will learn to create searches, build dashboards, set up alerts, and use SPL (Search Processing Language) effectively.
Objectives
- Understand Splunk’s architecture and its relevance to development and QA teams
- Use Splunk’s interface to search and analyze log and event data
- Write effective SPL (Search Processing Language) queries
- Create dashboards and visualizations for development and QA metrics
- Set up alerts to track application behavior and test anomalies
- Use Splunk to support root cause analysis and post-mortem investigations
Audience
- Developers
- QA/Test Engineers
- DevOps and SRE Engineers
- Application Support Analysts
- Anyone responsible for troubleshooting or monitoring system/application logs
Pre-requisites
- Basic knowledge of software development and/or QA lifecycle
- Familiarity with log formats and debugging concepts
- Some exposure to scripting or querying (e.g., SQL, Bash, etc.) is helpful but not required
Content
Day 1: Splunk Fundamentals & Log Search
Introduction to Splunk
- What is Splunk? Use cases in Dev and QA
- Splunk architecture: forwarders, indexers, search heads
- Types of data Splunk can ingest
Data Ingestion
- Ingesting logs from applications, servers, and test tools
- Setting up forwarders and monitoring files
Search Basics
- Splunk Web Interface and Search & Reporting App
- Writing basic SPL queries: search, where, stats, timechart
- Using time range selectors and filters
Field Extraction and Parsing
- Default fields, extracted fields, and regex field extractions
- Using rex, eval, and spath
Hands-on Labs
- Upload and analyze sample application logs
- Build basic searches and field extractions
Day 2: Dashboards, Alerts, and Dev-QA Monitoring
Advanced SPL Queries
- Correlating events across logs
- Using join, transaction, eventstats
Dashboards and Visualizations
- Creating and customizing dashboards
- Adding charts, tables, and gauges
- Using tokens and dynamic inputs
Alerts and Scheduled Reports
- Creating alerts for error patterns, test failures, performance drops
- Configuring alert actions (email, webhook)
Dev-QA Use Cases
- Using Splunk in CI/CD pipelines
- Tracking test runs, identifying flaky tests
- Monitoring deployment logs and detecting regression
Hands-on Labs
- Create a QA dashboard with error trends and test summaries
- Set up alerts for test anomalies or application errors
