Leveraging Lookups and Subsearches (LLS)

 

Course Content

This three-hour module is designed for power users who want to learn how to use lookups and subsearches to enrich their results. Topics will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources.

Certifications

This course is part of the following Certifications:

Prerequisites

To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Knowledge objects
  • Lookups

Course Objectives

  • Using Lookup Commands
  • Adding a Subsearch
  • Using the return Command

Outline: Leveraging Lookups and Subsearches (LLS)

Topic 1 – Using Lookup Commands

  • Understand lookups
  • Use the inputlookup command to search lookup files
  • Use the lookup command to invoke field value lookups
  • Use the outputlookup command to create lookups
  • Invoke geospatial lookups in search

Topic 2 – Adding a Subsearch

  • Define subsearch
  • Use subsearch to filter results
  • Identify when to use subsearch
  • Understand subsearch limitations and alternatives

Topic 3 – Using the return Command

  • Use the return command to pass values from a subsearch
  • Compare the return and fields commands

Prices & Delivery methods

Online Training

Duration
3 hours

Price
  • Online Training: CAD 635
  • Online Training: US $ 500
  • Splunk Training Units: 50 SPC
Dates and Booking
Enquire a date
Classroom Training

Duration
3 hours

Price
  • Canada: CAD 635
  • Splunk Training Units: 50 SPC
Dates and Booking
Enquire a date

Click on town name or "Online Training" to book Schedule

Guaranteed date:   We will carry out all guaranteed training regardless of the number of attendees, exempt from force majeure or other unexpected events, like e.g. accidents or illness of the trainer, which prevent the course from being conducted.
This is an Instructor-Led Classroom course
Instructor-led Online Training:   This computer icon in the schedule indicates that this date/time will be conducted as Instructor-Led Online Training.
This is a FLEX course, which is delivered both virtually and in the classroom.

United States

 Online Training 09:00 Eastern Standard Time (EST) Enroll
Online Training Time zone: Pacific Daylight Time (PDT) Enroll
Online Training Time zone: Eastern Daylight Time (EDT) Enroll
Online Training Time zone: Eastern Daylight Time (EDT) Enroll
Online Training Time zone: Pacific Daylight Time (PDT) Enroll
Online Training Time zone: Eastern Daylight Time (EDT) Enroll
Online Training Time zone: Central Standard Time (CST) Enroll
Online Training Time zone: Eastern Standard Time (EST) Enroll

Canada

 Online Training 09:00 Eastern Standard Time (EST) Enroll
Online Training Time zone: Pacific Daylight Time (PDT) Enroll
Online Training Time zone: Eastern Daylight Time (EDT) Enroll
Online Training Time zone: Eastern Daylight Time (EDT) Enroll
Online Training Time zone: Pacific Daylight Time (PDT) Enroll
Online Training Time zone: Eastern Daylight Time (EDT) Enroll
Online Training Time zone: Central Standard Time (CST) Enroll
Online Training Time zone: Eastern Standard Time (EST) Enroll