This Advanced Power User Fast Start is :

• for power users who want to become experts on searching and manipulating multivalue data. Topics will focus on using multivalue eval functions and multivalue commands to create, evaluate, and analyze multivalue data.

• designed for power users who want to learn how to use lookups and subsearches to enrich their results. Topics will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources.
  
• for power users who want to improve search performance. Topics will cover how search modes affect performance, how to create an efficient basic search, how to accelerate reports and data models, and how to use the tstats command to quickly query data.

• for knowledge managers who want to use lookups to enrich their search environment. Topics will introduce lookup types and cover how to upload and define lookups, create automatic lookups, and use advanced lookup options. Additionally, students will learn how to verify lookup contents in search and review lookup best practices.

• designed for power users who want to learn best practices for building dashboards in the Dashboard Studio. It focuses on dashboard creation, including prototyping, the dashboard definition, layouts types, adding visualizations, and dynamic coloring.
  
• designed for power users who want to learn best practices for building dashboards in the Dashboard Studio. It focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.

Course Topics

• Using Lookup Commands

• Adding a Subsearch

• Using the return Command

• What are Multivalue Fields

• Creating Multivalue Fields

• Evaluating Multivalue Fields

• Analyzing Multivalue Fields

• Optimizing Search

• Report Acceleration

• Data Model Acceleration

• Using the tstats Command

• What is a Lookup?

• Creating Lookups

• Geospatial Lookups

• External Lookups

• KV Store Lookups

• Best Practices for Lookups

• Dashboard Framework

• Prototyping

• Visualization Types

• Modifying the Source Code

• Dynamic Coloring

• Data Source Types

• Mock Data

• Event Annotations

• Adding Inputs

• Chain Searches

Search Experts Knowledge Managers

To be successful, students should have a solid understanding of the following:

How Splunk works

Knowledge objects

Lookups

Creating Search queries

Creating reports and data models

Data structure requirements for visualizations

The dashboard definition

Module 1 : Leveraging Lookups and Subsearches (SSC)

　

Topic 1 – Using Lookup Commands

Understand lookups

Use the inputlookup command to search lookup files

Use the lookup command to invoke field value lookups

Use the outputlookup command to create lookups

Invoke geospatial lookups in search

　

Topic 2 – Adding a Subsearch

Define subsearch

Use subsearch to filter results

Identify when to use subsearch

Understand subsearch limitations and alternatives

　

Topic 3 – Using the return Command

　Use the return command to pass values from a subsearch

Compare the return and fields commands

　

　

　

　

Module 02 : Multivalue Fields (SSC)

　

Topic 1 – What are Multivalue Fields?

Understand multivalue fields

Define self-describing data

Understand how JSON data is handled in Splunk

Use the spath command to interpret self-describing data

Use mvzip and mvexpand commands to manipulate multivalue fields

Convert single-value fields to multivalue fields with specific commands and functions

Topic 2 – Creating Multivalue Fields

Creating multivalue fields with the makemv command and the split function of the eval command

Topic 3 – Evaluating Multivalue Fields

　

　

Module 03 : Search Optimization (SSC)

　

Topic 1 – Optimizing Search

Understand how search modes affect performance

Examine the role of the Splunk Search Scheduler

Review general search practices

Topic 2 – Report Acceleration

Define acceleration and acceleration types

Understand report acceleration and create an accelerated report

Reveal when and how report acceleration summaries are created

Search against acceleration summaries

Topic 3 – Data Model Acceleration

Understand data model acceleration

Accelerate a data model

Use the datamodel command to search data models

Topic 4 – Using the tstats Command

Explore the tstats command

Search acceleration summaries with tstats

Search data models with tstats

Compare tstats and stats

　

Module 04 : Enriching Data With Lookups (SSC)

　

Topic 1 – What is a Lookup?

Define a lookup ad the default lookup types

Lookups and the search-time operation sequence

Topic 2 – Creating Lookups

Use file-based lookups at search time

Create (upload, define, configure) a lookup

Use an automatic lookup at search

Topic 3 – Geospatial Lookups

Understand geospatial lookups and KMZ/KML files

Add and define a geospatial lookup

Topic 4 – External Lookups

Understand external lookups

Explore the default lookups, external_lookup.py

Configure external lookups

Topic 5 – KV Store Lookups

Introduce KV Store lookups

Configure KV Store lookups

Compare file-based CSV lookups to KV Store lookups

Topic 6 – Best Practices for Lookups

Various best practices for using lookups

　

　

　

Module 05 : Intro To Dashboards (SSC)

　

Topic 1 – Dashboard Framework

Describe the dashboard definition

Compare classic and dashboard studio dashboards

Use dashboard best practices

Manage views

Use dashboard best practices

Topic 2 – Create a Prototype

Describe dashboard workflows

Compare layout types

Identify layout fields

Add visualizations

Topic 3 – Use Dynamic Coloring

Describe dynamic coloring

Contrast visualization types

Set global time range parameters

Apply dynamic coloring

　

　

　

Modules 06 : Dynamic Dashboards (SSC)

　

Topic 1 – Selecting a Data Source

Identify dataSources stanza fields

Name search types

Use a secondary data source

Topic 2 – Adding Inputs

Identify types of inputs

Describe how inputs work

Create a dynamic input

Add cascading inputs

Topic 3 – Improving Performance

Identify performance improvement methods

Use tstats and accelerated data models

Create chain searches

Set defaults

Topic 4 – Comparing Temporary versus Persistent Fields

Differentiate between temporary and persistent fields

Create temporary fields with the eval command

Extract temporary fields with the erex and rex commands

Topic 5 – Enriching Data

Understand how fields from lookups, calculated fields, field aliases, and field extractions enrich data