Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Knowledge objects
- Lookups
Course Objectives
- Using Lookup Commands
- Adding a Subsearch
- Using the return Command
Course Content
This three-hour module is designed for power users who want to learn how to use lookups and subsearches to enrich their results. Topics will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources.