Course Overview
This Advanced Power User Fast Start is :
- for power users who want to become experts on searching and manipulating multivalue data. Topics will focus on using multivalue eval functions and multivalue commands to create, evaluate, and analyze multivalue data.
- designed for power users who want to learn how to use lookups and subsearches to enrich their results. Topics will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources.
- for power users who want to improve search performance. Topics will cover how search modes affect performance, how to create an efficient basic search, how to accelerate reports and data models, and how to use the tstats command to quickly query data.
- for knowledge managers who want to use lookups to enrich their search environment. Topics will introduce lookup types and cover how to upload and define lookups, create automatic lookups, and use advanced lookup options. Additionally, students will learn how to verify lookup contents in search and review lookup best practices.
- designed for power users who want to learn best practices for building dashboards in the Dashboard Studio. It focuses on dashboard creation, including prototyping, the dashboard definition, layouts types, adding visualizations, and dynamic coloring.
- designed for power users who want to learn best practices for building dashboards in the Dashboard Studio. It focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.
Who should attend
Search Experts Knowledge Managers
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Knowledge objects
- Lookups
- Creating Search queries
- Creating reports and data models
- Data structure requirements for visualizations
- The dashboard definition
Course Objectives
Course Topics
- Using Lookup Commands
- Adding a Subsearch
- Using the return Command
- What are Multivalue Fields
- Creating Multivalue Fields
- Evaluating Multivalue Fields
- Analyzing Multivalue Fields
- Optimizing Search
- Report Acceleration
- Data Model Acceleration
- Using the tstats Command
- What is a Lookup?
- Creating Lookups
- Geospatial Lookups
- External Lookups
- KV Store Lookups
- Best Practices for Lookups
- Dashboard Framework
- Prototyping
- Visualization Types
- Modifying the Source Code
- Dynamic Coloring
- Data Source Types
- Mock Data
- Event Annotations
- Adding Inputs
- Chain Searches
Course Content
Leveraging Lookups and Subsearches (SSC)
- Topic 1 – Using Lookup Commands
- Topic 2 – Adding a Subsearch
- Topic 3 – Using the return Command
Multivalue Fields (SSC)
- Topic 1 – What are Multivalue Fields?
- Topic 2 – Creating Multivalue Fields
- Topic 3 – Evaluating Multivalue Fields
Search Optimization (SSC)
- Topic 1 – Optimizing Search
- Topic 2 – Report Acceleration
- Topic 3 – Data Model Acceleration
- Topic 4 – Using the tstats Command
Enriching Data With Lookups (SSC)
- Topic 1 – What is a Lookup?
- Topic 2 – Creating Lookups
- Topic 3 – Geospatial Lookups
- Topic 4 – External Lookups
- Topic 5 – KV Store Lookups
- Topic 6 – Best Practices for Lookups
Intro To Dashboards (SSC)
- Topic 1 – Dashboard Framework
- Topic 2 – Create a Prototype
- Topic 3 – Use Dynamic Coloring
Dynamic Dashboards (SSC)
- Topic 1 – Selecting a Data Source
- Topic 2 – Adding Inputs
- Topic 3 – Improving Performance
- Topic 4 – Comparing Temporary versus Persistent Fields
- Topic 5 – Enriching Data