@stewartevans I am glad you found it useful. I have learnt these things by hanging out here on Splunk Answers 🙂 Now you need to "pass on" the knowledge.
The link that I provided is by Nick Mealy, and his flowchart for deciding event grouping and correlation is epic 🙂 There are more commands that have been introduced, like union in Splunk 6.6 and the previously undocumented gem multisearch. They would eventually be documented in the above flowchart as well.