Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk queries

pacifikn
Communicator
‎01-31-2021 04:07 AM

Greetings!!!

Kindly help me to more understand  the purpose of fine-tune queries? based on your experience? 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

pacifikn
Communicator
‎01-31-2021 11:36 PM

Dear @richgalloway  Thank you so much for your response and the time,

But what I wanted to know is that in my opinion, we use search queries to fetch data from indexers, and sometimes we finetune it(or change it) based on what we want to get, like reducing the noise of false positives by getting only the information you need, I wanted to know more information about this and its explanations.

BUT I have got the link with more details and it answered my concerns:

https://docs.splunk.com/Documentation/Splunk/8.1.1/Search/Aboutoptimization

Thank you again!

View solution in original post

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎01-31-2021 07:24 AM

Only you and/or your supervisor know why you want to do that and what you hope to gain from it.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

pacifikn
Communicator
‎01-31-2021 07:32 AM

Dear @richgalloway 

Let's say like this,  help me to more understand the purpose of fine-tune queries? based on your experience?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎01-31-2021 10:50 AM
One tunes Splunk queries for the same reason one tunes a car or a piano - so it performs better.
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution
Solution

pacifikn
Communicator
‎01-31-2021 11:36 PM

Dear @richgalloway  Thank you so much for your response and the time,

But what I wanted to know is that in my opinion, we use search queries to fetch data from indexers, and sometimes we finetune it(or change it) based on what we want to get, like reducing the noise of false positives by getting only the information you need, I wanted to know more information about this and its explanations.

BUT I have got the link with more details and it answered my concerns:

https://docs.splunk.com/Documentation/Splunk/8.1.1/Search/Aboutoptimization

Thank you again!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games at .conf 2026

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

How Edge Processor's Durable Queue Works

Edge Processor sits in one of the most consequential places in any Splunk pipeline: between your data sources ...