Basically it boils down to one thing: experience
However, there are different ways to get it.
Hope that helps you!
I think it's kind of a trickier question to answer.
The best way might be to understand what each command does; trying them on the example data makes you better.
Some example data from the Splunk tutorial:
Some Airline example data:
Bunch of datasets from Amazon:
Good luck 😉
The best way is to participate in this forum. Pick a few good answerers (the top 10 is a good place to start) and follow them. Also start trying to answer questions and try for ones that are just beyond your grasp. Review the answers with the most votes and the answers to the questions with the most votes. Tear apart the answers, pipe-by-pipe and see how each one works. Get experience by living through the experience of others, then get your own by contributing your own answers.
Also check out Best Practices in Splunk .conf Sessions (PS: I have given the 2017 .conf session link; however, you can get the .conf Archive Search App from Splunkbase for searching across various years of .conf Sessions, which gets updated every year).
If you intend to use Post Processing, you can check out Post Processing Best Practices.
If you are using the lookup command/geostats/iplocation etc., you should see the feasibility of using a transforming command first, followed by the lookup. Refer to the documentation on Lookup Optimization.
Once your searches/reports/dashboards/alerts start to get into shape, start using as many Knowledge Objects as possible for easy reusability and maintenance of code.
In order to improve performance of Report/Dashboard/Data Model use Summary Indexing based acceleration.
Above all, I would agree with what everyone has mentioned about Splunk Answers. Just spend an hour or go through 10-15 questions here daily and you will learn a lot from the tips and tricks that community experts have hidden under their sleeves. I learn something new almost every day 🙂
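
Added example, not part of the original thread: the lookup-ordering tip in the answer above, shown as two searches that return the same per-country counts. The index name `main`, the sourcetype `access_combined_wcookie` and the field `clientip` are assumptions for illustration. The first search runs `iplocation` once per event; the second first reduces the events to one row per distinct `clientip` with `stats`, enriches only those rows, and then re-aggregates.

```spl
index=main sourcetype=access_combined_wcookie
| iplocation clientip
| stats count by Country

index=main sourcetype=access_combined_wcookie
| stats count by clientip
| iplocation clientip
| stats sum(count) as count by Country
```

Running both over the same time range and comparing run times in the Job Inspector shows how much of the search time the per-event enrichment accounts for.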