Splunk Search

Are there any good tutorials for splunk search queries?

subhadipc
Explorer

Hi,

I would like to know the link, or any document where from I can learn how to write search queries for different report. Please help.

Labels (1)
Tags (3)

gk6565
New Member

Hi, you can attend splunk training and expert in splunk search queries. But you can find a very good resource here: http://docs.splunk.com/images/a/a3/Splunk_4.x_cheatsheet.pdf

0 Karma

gjanders
SplunkTrust
SplunkTrust

This post is originally from 2012!

A more modern post is https://answers.splunk.com/answers/310388/hungry-newbie-best-way-to-learn-splunk-well-effici.html , the hungry newbie post has a number of useful links for tutorials.

Also Splunk 6.X Fundamentals Part 1 (eLearning) is now free.

0 Karma

araitz
Splunk Employee
Splunk Employee

ChrisG
Splunk Employee
Splunk Employee

This is also available from the following docs topic: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/SearchCheatsheet.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Yes, start with the Splunk Tutorial. If your focus is on searching and reporting, continue in the documentation, starting with the About Search topic, continuing with the topics that follow it, and then going on to the topics that begin with About reports, dashboards, and data visualizations.

I also recommend the Searching and Reporting with Splunk class, see http://www.splunk.com/view/education/SP-CAAAAH9, and I agree that the UI Examples app is extremely useful for learning how to construct form searches and dashboards through XML. But start with the docs and see where you need to go from there.

0 Karma

RicoSuave
Builder

I would first start with the basic splunk tutorial located here

http://docs.splunk.com/Documentation/Splunk/latest/User/WelcometotheSplunktutorial

Then download http://splunk-base.splunk.com/apps/22333/splunk-ui-examples-app-for-41

And take a look at the code and the searches that are being used to generate the various dashboards. Once you feel comfortable with searching and reporting and building dashboards then download Nick's Sideview Util's app and go through all of his examples.

http://splunk-base.splunk.com/apps/36405/sideview-utils

It also wouldn't hurt to take splunk's search and reporting class.

RicoSuave
Builder

It stands for User Interface: http://en.wikipedia.org/wiki/User_interface

0 Karma

amortiz
Explorer

apologize for my density level, what is an UI? Is it by chance short for utility or maybe user interface
I did look through the linked page to make sure I wasn't missing the obvious.
My Texas schooling only goes so far.
Thanks,

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...