Description
This course is part of the following Certifications:
Splunk Core Certified Advanced Power User
Splunk Core Certified User
Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Knowledge objects
- Lookups
Course Objectives
- Using Lookup Commands
- Adding a Subsearch
- Using the return Command
Outline: Leveraging Lookups and Subsearches (LLS)
Topic 1 – Using Lookup Commands
- Understand lookups
- Use the inputlookup command to search lookup files
- Use the lookup command to invoke field value lookups
- Use the outputlookup command to create lookups
- Invoke geospatial lookups in search
Topic 2 – Adding a Subsearch
- Define subsearch
- Use subsearch to filter results
- Identify when to use subsearch
- Understand subsearch limitations and alternatives
Topic 3 – Using the return Command
- Use the return command to pass values from a subsearch
- Compare the return and fields commands
