What is the best way of mastering Splunk development in terms of writing Splunk searches and other development in Splunk?
Basically it boils down to one thing: experience
However, there are different ways to get it.
Hope that helps you!
Read the About Search Optimization documentation, especially Write Better Searches.
Also check out Best Practices in Splunk .conf Sessions (PS: I have given the 2017 .conf session link; however, you can get the .conf Archive Search App from Splunkbase for searching across various years of .conf Sessions, which gets updated every year).
If you intend to use Post Processing, you can check out Post Processing Best Practices.
If you are using the lookup command/geostats/iplocation etc., you should see the feasibility of using a transforming command first, followed by the lookup. Refer to the documentation on Lookup Optimization.
Once your searches/reports/dashboards/alerts start to get into shape, start using as many Knowledge Objects as possible for easy reusability and maintenance of code.
In order to improve the performance of a Report/Dashboard/Data Model, use Summary Indexing based acceleration.
Above all, I would agree with what everyone has mentioned about Splunk Answers. Just spend an hour or go through 10-15 questions here daily and you will learn a lot from the tips and tricks that community experts have hidden under their sleeves. I learn something new almost every day 🙂
Just wanted to accept all as answers 🙂
You can only accept one, but you can upvote as many as you like 😉
The best way is to participate in this forum. Pick a few good answerers (the top 10 is a good place to start) and follow them. Also start trying to answer questions and try for ones that are just beyond your grasp. Review the answers with the most votes and the answers to the questions with the most votes. Tear apart the answers, pipe-by-pipe and see how each one works. Get experience by living through the experience of others, then get your own by contributing your own answers.
I think it's kind of a trickier question to answer.
The best way might be to understand what each command does; trying them on the example data makes you better.
Where do you get the example data?
Some example data from the Splunk tutorial:
http://docs.splunk.com/Documentation/Splunk/7.1.0/SearchTutorial/Systemrequirements#Download_the_tut...
Some Airline example data:
https://www.transtats.bts.gov/Tables.asp?DB_ID=120
Bunch of datasets from Amazon:
https://registry.opendata.aws/
Good luck 😉
You need to get good with the Eventgen app, which generates example data.