Splunk Search

Any good tutorial for Splunk search queries

subhadipc
Explorer

Hi,

I would like to know the link, or any document, from which I can learn how to write search queries for different reports. Please help.


gk6565
New Member

Hi, you can attend Splunk training and become an expert in Splunk search queries. But you can find a very good resource here: http://docs.splunk.com/images/a/a3/Splunk_4.x_cheatsheet.pdf

0 Karma

gjanders
SplunkTrust

This post is originally from 2012!

A more modern post is https://answers.splunk.com/answers/310388/hungry-newbie-best-way-to-learn-splunk-well-effici.html; the hungry newbie post has a number of useful links for tutorials.

Also Splunk 6.X Fundamentals Part 1 (eLearning) is now free.

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/
0 Karma

araitz
Splunk Employee

ChrisG
Splunk Employee

This is also available from the following docs topic: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/SearchCheatsheet.

0 Karma

ChrisG
Splunk Employee

Yes, start with the Splunk Tutorial. If your focus is on searching and reporting, continue in the documentation, starting with the About Search topic, continuing with the topics that follow it, and then going on to the topics that begin with About reports, dashboards, and data visualizations.

I also recommend the Searching and Reporting with Splunk class, see http://www.splunk.com/view/education/SP-CAAAAH9, and I agree that the UI Examples app is extremely useful for learning how to construct form searches and dashboards through XML. But start with the docs and see where you need to go from there.

0 Karma

RicoSuave
Builder

I would first start with the basic Splunk tutorial located here:

http://docs.splunk.com/Documentation/Splunk/latest/User/WelcometotheSplunktutorial

Then download http://splunk-base.splunk.com/apps/22333/splunk-ui-examples-app-for-41

And take a look at the code and the searches that are being used to generate the various dashboards. Once you feel comfortable with searching and reporting and building dashboards, then download Nick's Sideview Utils app and go through all of his examples.

http://splunk-base.splunk.com/apps/36405/sideview-utils

It also wouldn't hurt to take Splunk's search and reporting class.

RicoSuave
Builder

It stands for User Interface: http://en.wikipedia.org/wiki/User_interface

0 Karma

gk6565
New Member

It would be helpful to the community here: http://mindmajix.com/splunk-training

0 Karma

amortiz
Explorer

I apologize for my density level; what is a UI? Is it by chance short for utility or maybe user interface?
I did look through the linked page to make sure I wasn't missing the obvious.
My Texas schooling only goes so far.
Thanks,

0 Karma