Splunk Advanced Power User Fast Start (APU-FT)

This Advanced Power User Fast Start is:

  • For power users who want to become experts on searching and manipulating multivalue data. Topics will focus on using multivalue eval functions and multivalue commands to create, evaluate, and analyze multivalue data.

  • Designed for power users who want to learn how to use lookups and subsearches to enrich their results. Topics will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources.

  • For power users who want to improve search performance. Topics will cover how search modes affect performance, how to create an efficient basic search, how to accelerate reports and data models, and how to use the tstats command to quickly query data.

  • For knowledge managers who want to use lookups to enrich their search environment. Topics will introduce lookup types and cover how to upload and define lookups, create automatic lookups, and use advanced lookup options. Additionally, students will learn how to verify lookup contents in search and review lookup best practices.

  • Designed for power users who want to learn best practices for building dashboards in the Dashboard Studio. It focuses on dashboard creation, including prototyping, the dashboard definition, layouts types, adding visualizations, and dynamic coloring.

  • Designed for power users who want to learn best practices for building dashboards in the Dashboard Studio. It focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.

Audience

Search Experts Knowledge Managers

Prerequisites

To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Knowledge objects
  • Lookups
  • Creating Search queries
  • Creating reports and data models
  • Data structure requirements for visualizations
  • The dashboard definition

Course objectives

Course topics:

  • Using Lookup Commands
  • Adding a Subsearch
  • Using the return Command
  • What are Multivalue Fields
  • Creating Multivalue Fields
  • Evaluating Multivalue Fields
  • Analyzing Multivalue Fields
  • Optimizing Search
  • Report Acceleration
  • Data Model Acceleration
  • Using the tstats Command
  • What is a Lookup?
  • Creating Lookups
  • Geospatial Lookups
  • External Lookups
  • KV Store Lookups
  • Best Practices for Lookups
  • Dashboard Framework
  • Prototyping
  • Visualization Types
  • Modifying the Source Code
  • Dynamic Coloring
  • Data Source Types
  • Mock Data
  • Event Annotations
  • Adding Inputs
  • Chain Searches

Course content

Leveraging Lookups and Subsearches (SSC)
  • Topic 1 – Using Lookup Commands
  • Topic 2 – Adding a Subsearch
  • Topic 3 – Using the return Command
Multivalue Fields (SSC)
  • Topic 1 – What are Multivalue Fields?
  • Topic 2 – Creating Multivalue Fields
  • Topic 3 – Evaluating Multivalue Fields
Search Optimization (SSC)
  • Topic 1 – Optimizing Search
  • Topic 2 – Report Acceleration
  • Topic 3 – Data Model Acceleration
  • Topic 4 – Using the tstats Command
Enriching Data With Lookups (SSC)
  • Topic 1 – What is a Lookup?
  • Topic 2 – Creating Lookups
  • Topic 3 – Geospatial Lookups
  • Topic 4 – External Lookups
  • Topic 5 – KV Store Lookups
  • Topic 6 – Best Practices for Lookups
Intro To Dashboards (SSC)
  • Topic 1 – Dashboard Framework
  • Topic 2 – Create a Prototype
  • Topic 3 – Use Dynamic Coloring
Dynamic Dashboards (SSC)
  • Topic 1 – Selecting a Data Source
  • Topic 2 – Adding Inputs
  • Topic 3 – Improving Performance
  • Topic 4 – Comparing Temporary versus Persistent Fields
  • Topic 5 – Enriching Data

Certification

This course is part of the following Certifications:

This course is provided in collaboration with our learning partners at Fast Lane UK.