Splunk Search

any good tutorial for splunk search queries

subhadipc
Explorer

Hi,

I would like to know the link, or any document where from I can learn how to write search queries for different report. Please help.

Tags (3)

Shankar2677
Loves-to-Learn Lots

It would be helpful to the community here: Splunk Training 

0 Karma

Shankar2677
Loves-to-Learn Lots

Hi, you can attend splunk training and ask experts about splunk search queries. But you can find a very good resource here: http://docs.splunk.com/images/a/a3/Splunk_4.x_cheatsheet.pdf

0 Karma

gk6565
New Member

Hi, you can attend splunk training and expert in splunk search queries. But you can find a very good resource here: http://docs.splunk.com/images/a/a3/Splunk_4.x_cheatsheet.pdf

0 Karma

gjanders
SplunkTrust
SplunkTrust

This post is originally from 2012!

A more modern post is https://answers.splunk.com/answers/310388/hungry-newbie-best-way-to-learn-splunk-well-effici.html , the hungry newbie post has a number of useful links for tutorials.

Also Splunk 6.X Fundamentals Part 1 (eLearning) is now free.

0 Karma

araitz
Splunk Employee
Splunk Employee

ChrisG
Splunk Employee
Splunk Employee

This is also available from the following docs topic: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/SearchCheatsheet.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Yes, start with the Splunk Tutorial. If your focus is on searching and reporting, continue in the documentation, starting with the About Search topic, continuing with the topics that follow it, and then going on to the topics that begin with About reports, dashboards, and data visualizations.

I also recommend the Searching and Reporting with Splunk class, see http://www.splunk.com/view/education/SP-CAAAAH9, and I agree that the UI Examples app is extremely useful for learning how to construct form searches and dashboards through XML. But start with the docs and see where you need to go from there.

0 Karma

RicoSuave
Builder

I would first start with the basic splunk tutorial located here

http://docs.splunk.com/Documentation/Splunk/latest/User/WelcometotheSplunktutorial

Then download http://splunk-base.splunk.com/apps/22333/splunk-ui-examples-app-for-41

And take a look at the code and the searches that are being used to generate the various dashboards. Once you feel comfortable with searching and reporting and building dashboards then download Nick's Sideview Util's app and go through all of his examples.

http://splunk-base.splunk.com/apps/36405/sideview-utils

It also wouldn't hurt to take splunk's search and reporting class.

RicoSuave
Builder

It stands for User Interface: http://en.wikipedia.org/wiki/User_interface

0 Karma

gk6565
New Member

It would be helpful to the community here: http://mindmajix.com/splunk-training

0 Karma

amortiz
Explorer

apologize for my density level, what is an UI? Is it by chance short for utility or maybe user interface
I did look through the linked page to make sure I wasn't missing the obvious.
My Texas schooling only goes so far.
Thanks,

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...