Course Summary
The Splunk Core Certified Power User course equips you with advanced skills in using Splunk for data analysis and visualization. You delve into intricate search techniques and learn to harness Splunk’s capabilities for optimizing searches and creating impactful reports and dashboards.
You will gain skills like:
• Proficient use of Splunk search language
• Data searching, filtering, and manipulation in Splunk
• Creating basic reports and dashboards in Splunk
• Understanding Splunk’s data structure and components
• Utilizing Splunk for log analysis and troubleshooting
Module 1: Exploring Statistical Commands
• Performing statistical analysis with stats function
• Using fieldsummary
• Using appendpipe
• Using count and list functions
• Using eventstats
• Using streamstats
Module 2: Exploring eval Command Functions
• Using conversion functions
• Using text functions
• Using comparison and conditional functions
• Using informational functions
• Using statistical functions
• Using makeresults command
Module 3: Exploring Lookups
• Applying advanced lookup options
• Including and excluding events based on lookup values
• Using KV Store lookups
• Using external lookups
• Using geospatial lookups
• Understanding best practices for lookups
Module 4: Exploring Alerts
• Logging and indexing searchable alert events
• Referencing lookups in alerts
• Outputting alert results to a lookup
• Using a webhook alert action
• Creating a log event alert action
Module 5: Advanced Field Creation and Management
• Identifying field extraction methods
• Providing a regular expression to the Field Extractor to extract a field
• Performing search time field extraction using the erex and rex commands
• Understanding how to improve regex performance in Splunk
Module 6: Working with Self-Describing Data and Files
• Understanding self-describing data
• Using the spath command
• Using the eval command with the spath function
• Using the multikv command
Module 7: Advanced Search Macros
• Using nested search macros
• Previewing search macros before executing
• Using other knowledge objects with macros
Module 8: Using Acceleration Options: Reports and Summary Indexing
• Describing acceleration
• Identifying which reports qualify for acceleration
• Identifying when Splunk doesn’t build an acceleration summary
• Accelerating a report
• Using the Report Acceleration Summaries and Summary Detail pages
• Understanding summary indexing
• Using the summary indexing transforming commands
• Defining searching against a summary
• Understanding how to handle gaps and overlaps in summary indexes
Module 9: Using Acceleration Options: Data Models and tsidx Files
• Exploring data models using the datamodel command
• Understanding data model acceleration
• Accelerating data models
• Understanding tsidx files
• Working with tsidx files using tstats commands
• Using tstats to search accelerated data models
• Determining which acceleration option to use
Module 10: Using Search Efficiently
• Splunk architecture components
• Search flow
• Streaming commands
• Transforming commands
• Command ordering
• Job inspector
Module 11: More Search Tuning
• Pre-filtering search data
• Lispy and boolean operators
• Lispy and wildcards
• Using the TERM directive
Module 12: Manipulating and Filtering Data
• bin command
• xyseries command
• untable command
• foreach command
• strftime function
Module 13: Working with Multivalued Fields
• Multivalued fields
• Some multivalued eval functions
• makemv command
• mvexpand command
Module 14: Using Advanced Transactions
• Evaluating events to create transactions
• Handling common values/different field names
• An alternative to coalesce
• Identifying complete vs. incomplete transactions
• Making transactions more efficient
• Stats and transactions
Module 15: Working with Time
• Using time effectively
• What are the default time fields
Module 16: Using Subsearches
• Filtering through many results
• Subsearch caveats
• When to use subsearch
• When NOT to use subsearch
• Troubleshooting subsearches
• Append command
Module 17: Creating a Prototype
• Define simple XML syntax for views
• Use best practices for creating views
• Troubleshooting views
Module 18: Using Forms
• Explain how tokens work
• Use tokens with form inputs
• Create cascading inputs
• Define types of token filters
Module 19: Improving Performance
• Identify ways to improve dashboard performance
• Use the tstats command
• Create base and post-process searches
Module 20: Customizing Dashboards
• Customize chart and panel properties
• Set panel refresh and delay times
• Disable search access features
• Create event annotations
Module 21: Adding Drilldowns
• Define types of drilldowns
• Identify predefined tokens
• Create dynamic drilldowns
Module 22: Adding Advanced Behaviors and Visualizations
• Identify types of event handlers
• Define event actions
• Create contextual drilldowns
• Use simple XML extensions