Description
Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Creating search queries
- Creating reports and data models
Course Objectives
- Optimizing Search
- Report Acceleration
- Data Model Acceleration
- Using the tstats Command
Outline: Search Optimization (SSO)
Topic 1 – Optimizing Search
- Understand how search modes affect performance
- Examine the role of the Splunk Search Scheduler
- Review general search practices
Topic 2 – Report Acceleration
- Define acceleration and acceleration types
- Understand report acceleration and create an accelerated report
- Reveal when and how report acceleration summaries are created
- Search against acceleration summaries
Topic 3 – Data Model Acceleration
- Understand data model acceleration
- Accelerate a data model
- Use the datamodel command to search data models
Topic 4 – Using the tstats Command
- Explore the tstats command
- Search acceleration summaries with tstats
- Search data models with tstats
- Compare tstats and stats
