Splunk Training + Certification

Leveraging Lookups & Subsearches

Course Description

This three-hour course is designed for power users who want to learn how to use lookups and subsearches to enrich their results. Topics will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources.

Instructor-led Training Schedule

eLearning with Labs

The best of both delivery methods. Self-paced eLearning videos accessible anytime, anywhere, plus access to the interactive lab environment to sharpen your skills.


Course Prerequisites

To be successful, students should have a solid understanding of the following:

  • How Splunk works
  • Knowledge objects
  • Lookups

Course Topics

  • Using Lookup Commands
  • Adding a Subsearch
  • Using the return Command

Course Objectives

Topic 1 – Using Lookup Commands
  • Understand lookups
  • Use the inputlookup command to search lookup files
  • Use the lookup command to invoke field value lookups
  • Use the outputlookup command to create lookups
  • Invoke geospatial lookups in search
Topic 2 – Adding a Subsearch
  • Define subsearch
  • Use subsearch to filter results
  • Identify when to use subsearch
  • Understand subsearch limitations and alternatives
Topic 3 – Using the return Command
  • Use the return command to pass values from a subsearch
  • Compare the return and fields commands