Splunk Search

What are the basics for using the Splunk search interface?

jmulcaster_splu
Splunk Employee
Splunk Employee

I'm new to Splunk. What are some basics I need to know about the features in the search user interface?

0 Karma
1 Solution

jmulcaster_splu
Splunk Employee
Splunk Employee

The Splunk Product Best Practices team provided this response. Read more about How Crowdsourcing is Shaping the Future of Splunk Best Practices.

In Splunk Enterprise, everything revolves around search.

Note: This answer applies to Splunk Enterprise and Splunk Cloud.

The basics of Splunk search

Search Processing Language (SPL) is Splunk's query language used to express the search commands and their functions, arguments and clauses, which tell the Splunk software what to do to with the events you retrieve from the indexes. The Splunk Enterprise Search Manual is a great place to start building your SPL ninja skills.

Splunk Web is the Splunk Enterprise web-based interface. Learn about each portion of the search interface within the Search Manual.

Any search in Splunk Enterprise can be saved as a saved search, scheduled search, report, new dashboard, or a panel within an existing dashboard. Here are some terms to get you started:

  • Ad Hoc Search: An unscheduled search you can use to explore data and build searches incrementally.
  • Saved Search: A search that a user makes available for later use. A report is a type of saved search.
  • Scheduled Search: A saved search that runs on a specific interval. A scheduled report is a type of scheduled search.
  • Scheduled Alert: A scheduled alert is an alert that runs on a regular interval, making it a type of scheduled search.
  • Dashboard: A user interface associated with an app that has one or more panels that show search results.

How to get started with search

Basic Searching in Splunk

View solution in original post

jmulcaster_splu
Splunk Employee
Splunk Employee

The Splunk Product Best Practices team provided this response. Read more about How Crowdsourcing is Shaping the Future of Splunk Best Practices.

In Splunk Enterprise, everything revolves around search.

Note: This answer applies to Splunk Enterprise and Splunk Cloud.

The basics of Splunk search

Search Processing Language (SPL) is Splunk's query language used to express the search commands and their functions, arguments and clauses, which tell the Splunk software what to do to with the events you retrieve from the indexes. The Splunk Enterprise Search Manual is a great place to start building your SPL ninja skills.

Splunk Web is the Splunk Enterprise web-based interface. Learn about each portion of the search interface within the Search Manual.

Any search in Splunk Enterprise can be saved as a saved search, scheduled search, report, new dashboard, or a panel within an existing dashboard. Here are some terms to get you started:

  • Ad Hoc Search: An unscheduled search you can use to explore data and build searches incrementally.
  • Saved Search: A search that a user makes available for later use. A report is a type of saved search.
  • Scheduled Search: A saved search that runs on a specific interval. A scheduled report is a type of scheduled search.
  • Scheduled Alert: A scheduled alert is an alert that runs on a regular interval, making it a type of scheduled search.
  • Dashboard: A user interface associated with an app that has one or more panels that show search results.

How to get started with search

Basic Searching in Splunk

adukes_splunk
Splunk Employee
Splunk Employee

Added related video.

0 Karma

sloshburch
Splunk Employee
Splunk Employee

I adjusted the question and a portion of the answer to better reflect that this is about the search screen and not limited to the search app.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...