Splunk Search Expert 103

In this course, you will learn how to calculate co-occurrence between fields and analyze data from multiple datasets, increase your knowledge of searching and learn how to work with multivalue data. In addition, you will learn tips and tricks to improve search performance using accelerations.

• Correlation Analysis
• This module is for users who want to learn how to calculate co-occurrence between fields and analyze data from multiple datasets. Topics will focus on the transaction, append, appendcols, union, and join commands.
• Search Under the Hood
• This eLearning module gives students additional insight into how Splunk processes searches. Students will learn about Splunk architecture, how components of a search are broken down and distributed across the pipeline, and how to troubleshoot searches when results are not returning as expected.
• Multivalve Fields
• This module is for users who want to become experts on searching and manipulating multivalue data. Topics will focus on using multivalue eval functions and multivalue commands to create, evaluate, and analyze multivalue data.
• Search Optimization
• This module is for users who want to improve search performance. Topics will cover how search modes affect performance, how to create an efficient basic search, how to accelerate reports and data models, and how to use the tstats command to quickly query data.