Splunk Search

Are there any other online collections of Splunk search examples?

ChrisG
Splunk Employee

Beyond what's in the Search Reference and the Search Manual, are there other sites that have SPL examples available to the community?

1 Solution

ChrisG
Splunk Employee

There are two sites (at least!) that community members have created to collect search examples:

Bookmark and keep your eye on those; people are adding more examples as time goes on.

The Splunk doc team is also watching those sites to look for good items to incorporate into the main product documentation. Please use the feedback form at the bottom of any topic page on docs.splunk.com if you have suggestions.


mhouse3
Path Finder

"Archived sessions from 2013-2016 are up at conf.splunk.com" where? Can you provide the direct link please?

0 Karma

ChrisG
Splunk Employee
0 Karma

mhouse3
Path Finder

That link only takes me to the current 2019 .conf listings.

0 Karma

ChrisG
Splunk Employee

It does kind of look like that, because of the banner on the page. But these are in fact the 775 archived sessions recorded in previous years. If you do a search on that page, like https://conf.splunk.com/watch/conf-online.html?search=SPL#/, you will see the results are tagged with the year they were recorded.

0 Karma

mhouse3
Path Finder

I see now. The problem is if you go to the top left and expand Event it reflects that these are for 2016, 2017 and 2018. I am looking for the recordings before 2016.

0 Karma

ChrisG
Splunk Employee

Yes, I think that is as far back as they go; vnakra might have been mistaken.

0 Karma

vnakra_splunk
Splunk Employee

Aside from the excellent sites from Chris above, if your goal is to learn SPL, there are a few other resources I typically recommend:

Education: Take "Advanced Searching and Reporting" from Splunk Education. Very worth your time.

Apps:

People:

  • .conf is one of the best sources of wisdom out there. Archived sessions from 2013-2016 are up at conf.splunk.com. Two from the latest .conf that have great info on SPL are:
    • "Let Stats Sort Them Out: Building Complex Result Sets That Use Multiple Source Types" - by Nick Mealy (ex-Splunker, aka @Sideview): Recording and Slides
    • "Time After Time – Comparing Time Ranges in Splunk" by Lisa Guinn (Splunk Edu, aka @lguinn): Recording and Slides
  • Sign up for the Slack channel and talk to people. You soak up a lot by osmosis, and you'll meet the people who help you here on Answers.

The Splunk Book: From one of the creators of the product... http://www.splunk.com/goto/book

raj_mpl
Path Finder

Nice information … keep it up guys

0 Karma

lin10
Loves-to-Learn Lots

@ChrisG

Do you know of more secure online collections of Splunk search examples?

Went to the sites in your post, and

first, went to gosplunk.com and clicked on OurBlog, which redirected me to a site not secured by a certificate (blogs.gosplunk.com), so I abandoned gosplunk.com altogether in favor of your next link,

The Big Book of Splunk Searches, which is not a site full of SPL searches, but is a site in search of an owner ...

Thanks,

lin

0 Karma