Enriching Data with Lookups is a Splunk Education course that teaches how to supplement raw event data with contextual information from external sources using Splunk’s lookup capability.
What You Will Learn
- Create CSV lookup files and define lookup definitions in Splunk
- Configure automatic lookups to enrich events at search time without modifying queries
- Use the lookup, inputlookup, and outputlookup search commands
- Build and query KV Store collections for dynamic lookup data
- Manage lookup permissions and best practices for large lookup tables
Who Should Attend
Splunk power users, SOC analysts, and knowledge managers who need to enrich machine data with threat intelligence, asset information, or business context.
Prerequisites
Working knowledge of Splunk search, including transforming commands and basic knowledge objects.
