Splunk .conf2011: Search Language: Beginner

Sep 28, 20117 likes2,013 views

Did you know you can do crazy useful things with Splunk’s search search language? Sort, use fields, apply wildcards – but even better, it allows you to drill-down into the results using Splunk’s Search interface timeline. This session will show some concrete examples of how to use Splunk with web access and other types of commonly-used data so you can craft simple but powerful searches based on what’s interesting in your data. Learn the basics of the Splunk search language in this beginner class, then move on to the Intermediate and Advanced classes to become a real pro.

Search Language - Beginner Dan Plaza, Sr. Instructor

Getting started – Search summary view Running basic searches and viewing results Navigating through search results Understanding and using fields in search Saving searches Agenda

Dan Plaza – Senior Instructor – Splunk Splunker since November 2010 Experience in database, security, web apps and compliance standards Constantly amazed by the cool stuff Splunk can do About Your Presenter

Summary View current view global stats menus and action links time range picker data sources do it search box

Everything is searchable * wildcard supported Search terms are case insensitive Booleans AND, OR, NOT Booleans must be uppercase Implied AND between search terms Use () for complex searches Quote phrases Basic Search

Search Results timeline field picker timestamp event data Highlighted search terms

Searches return events An event is single piece of data in Splunk, like a record in a log file or other data input Splunk breaks up data into individual events and gives each a timestamp , host , source and source type Events

By default, Splunk searches over all time Use the time range picker to narrow your search, or search in real time Selecting the Time Range

Real-time searching allows you to view events as they come in Useful in troubleshooting an active issue or creating critical alerts Real-time Searching

Navigating Search Results – click Click a term in the events to add it to the search

Navigating Results – Alt+Click alt+click a term in the events to remove events with that term from the results

Navigating Results – Timeline Click a bar in the timeline to drill-down to events that occurred in that time period

Navigating Results – Timeline (cont.) Select all returns to the original timeframe You can also zoom in / zoom out to narrow or broaden the timerange

Select custom time from the time range picker to indicate specific date or relative time ranges Indicating a Custom Time Range

Fields turn plain old log data into Splunked data There are 2 types of fields Default fields – host , source , sourcetype . These fields exist for every event in Splunk. Data-defined fields – fields that are specific to a given type of data Fields

Splunk identifies fields in events, including the action field In these events, the action field has five values Identify the Fields

Use the Field Picker remove events from results that don’t have the field create reports click on a value to add to the search ALT + click on a value to remove from a search

This search example returns events where: The sourcetype – or type of data – is apache weblogs The action field has a value of purchase The HTTP status returned was NOT 200 Searching with Fields sourcetype=access_* action=purchase status!=200 36 events where an e-commerce purchase failed because of an HTTP error!!

Quick Reporting Click to generate a quick report

1. Click the save search icon 2. Name the search You can also edit the search string and time Optionally, share the search with other users Saving a Search 500 OR 503 500 OR 503

Run saved searches from the Searches and Reports menu Lists all searches you have permission to run Running a Saved Search

Splunk has many powerful features and search commands that allow you to Calculate statistics Format and organize values within search results Create compelling data visualizations and reports And more! Learn about some of these features in the Search language – intermediate session Beyond Basic Searching

August 15, 2011 Questions? Dan Plaza, Senior Instructor

Researchers should plan searches to address their research objectives. When adding a search, select an objective and provide details like the source, jurisdiction, scope of the search, record type, and comments. Filling out all search details will help organize research and streamline searches at facilities. Gaining experience through research, education and collaboration will improve a researcher's ability to plan effective searches.

ResearchTies: Adding objectivesjncrandell

The document discusses how to add objectives in genealogical research. It explains that the first step is to define an objective by selecting from categories like preliminary survey, record group, identifying a spouse/parents, or event. Objectives can be customized using a template that allows adding details about place, individual, family or surname. Researchers then locate objectives and link searches and results to track progress towards meeting each objective.

SplunkIntellipaat

SplunkLive! Washington DC May 2013 - Search Language BeginnerSplunk

This document provides an agenda and overview for a beginner Splunk search language training. The agenda includes getting started, basic searching, navigating search results, using fields, saving searches, and next steps. It describes the presenter's experience and provides guidance on basic search concepts like wildcards, booleans, phrases, timestamps, and events. It demonstrates how to navigate results through clicking terms, the timeline, and custom time ranges. It also shows how to discover and search using fields as well as save and run saved searches. Finally, it suggests next steps in learning more advanced Splunk features and provides options for additional training.

Splunk overviewDaniel Hernandez

Splunk is a tool that indexes and searches data to generate graphs, alerts, and dashboards. It can analyze data from sources like logs, metrics, and other sources on both local and remote machines. Key concepts in Splunk include indexes which are databases that store events, which are individual data entries that are broken down and tagged with metadata during indexing. Searches in Splunk return results in tabs for events, statistics, and visualizations.

Splunk .conf2011: Search Language: IntermediateErin Sweeney

This document provides an overview of Splunk capabilities including knowledge objects, tags, event types, saved searches, alerts, and the search pipeline. It demonstrates how to use these features to better organize and analyze IT data through examples such as monitoring server activity, detecting suspicious login attempts, and tracking software sales. Advanced searching techniques including comparison operators, stats, and transaction commands are also explained to help users leverage Splunk's powerful search language.

Getting Started Breakout Session Splunk

This document provides an overview and agenda for a presentation on getting started with Splunk. Splunk is a software platform that allows users to search, analyze, and visualize machine-generated data like logs and metrics. The presentation will cover what Splunk is, basic searching functionality, using fields to filter search results, and saving and sharing reports. It includes standard legal disclaimers about forward-looking statements and trademarks.

SplunkLive! Analytics with Splunk EnterpriseSplunk

Splunk provides analytics capabilities through data models and pivot reporting. Data models encapsulate domain knowledge about data sources and allow non-technical users to interact with and report on data. Pivot provides a query builder interface for creating reports based on data models without using the Splunk search language. Data models define objects that map to events, searches, or groups of events/searches with constraints and attributes. Pivot reports generate optimized search strings from the data model objects.

SplunkLive! Data Models 101Splunk

This document provides an overview of data models in Splunk: - A data model maps raw machine data onto a hierarchical structure to encapsulate domain knowledge and enable non-technical users to interact with data via pivot reports. - There are three root object types: events, searches, and transactions. Objects have constraints, attributes, and inherit properties from parent objects. - Data models are built using the UI or REST API. Pivot reports leverage data models by generating optimized search strings from the model. - Data model acceleration improves performance of pivot reports by pre-computing searches on disk. Only the first event object and descendants are accelerated by default.

Analytics with splunk - Advancedjenny_splunk

Data models in Splunk provide a way to abstract raw machine data and encapsulate domain knowledge. They allow non-technical users to explore and report on data through a simplified pivot interface without needing to understand the underlying search language. A data model consists of a hierarchical set of objects that map to events, searches, or groups of events/searches. Objects define constraints and attributes to extract fields from raw data. The data model acceleration feature allows for faster analytics by pre-computing search results.

SplunkLive! Beginner SessionSplunk

This document provides an agenda for a Splunk technical workshop on getting started with Splunk. The agenda covers installing and starting Splunk, indexing sample data, performing basic searches, creating alerts, building reports and dashboards. It also discusses Splunk deployment and integration topics like distributed search, high availability, licensing, and integrating external user directories.

SplunkLive! Munich 2018: Data Onboarding OverviewSplunk

Splunk live beginner training nycDimitri McKay - CISSP

This document outlines an agenda for a Splunk getting started user training workshop. The agenda includes introducing Splunk functionality like search, alerts, dashboards, deployment and integration. It also covers installing Splunk, indexing data, search basics, field extraction, saved searches, alerting and reporting dashboards. The workshop aims to help users get started with the core Splunk features.

SplunkLive! - Getting started with SplunkSplunk

This document provides an overview and introduction to Splunk, an enterprise software platform for searching, monitoring, and analyzing machine-generated big data, such as logs, metrics, and events. The agenda covers what Splunk is, how to get started with Splunk including installing and licensing, basic search functionality, creating alerts and dashboards, deployment and integration options to scale Splunk across multiple sites and systems, and resources for support and the Splunk community. Key capabilities highlighted include searching and analyzing structured and unstructured machine data, indexing petabytes of data per day, role-based access controls, high availability, and integrating with third-party systems.

SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunk

SharePoint Jumpstart #2 Making Basic SharePoint Search WorkEarley Information Science

This session will cover ithe nuts & bolts of how to develop and tune built-in search capabilities, making SharePoint search work for you. Making SharePoint Search work comes down to some very practical steps you can take to improve the search experience for your end users. Many organizations fail to take advantage of the controls built into SharePoint. Further, they ignore objective ways to measure success. In this call, we will discuss the following topics: • The impact of site structure on relevancy • Using metadata to improve findability • Leveraging SharePoint Best Bets • Authoritative pages for prescribed keywords • Utilizing pre-constructed search queries • Measuring results and making adjustments

The power of searchSmitha Poluri

NetSuite offers powerful search tools to access integrated data stored in its system. Users can perform simple searches by entering keywords or defining filters on a search page. More advanced searches allow filtering by formulas and related records, defining sort order, and grouping results with summary calculations. Defining advanced criteria, using formulas, and applying functions to results columns enables users to compile comprehensive analyses from NetSuite's consolidated data.

SplunkLive Oslo/Stockholm Beginner Workshopjenny_splunk

This document provides an agenda and overview for a Splunk getting started user training workshop. The agenda covers getting started with Splunk, searching, alerts, dashboards, deployment and integration, the Splunk community, and getting help. It also provides explanations and examples of key Splunk concepts like searching, fields, saved searches, alerts, reports, dashboards, deployment options, and support resources. The goal is to introduce users to the essential functionality and capabilities of the Splunk platform.

Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk

Lesser known-search-commandspendoo

The document discusses several lesser-known search commands in Splunk including: - Administrative commands like rest, makeresults, and gentimes that provide information about data or the Splunk server without accessing raw event data. - Iterative commands like map and foreach that perform looping operations on events or field values in the search pipeline. - Statistical commands that calculate metrics and are more computationally expensive than typical searches.

Introduction to Splunk Presentation (DevOps)Knoldus Inc.

Flying Blind On A Rocket Cycle: Customer-centered Product Strategy for Machin...Joe Lamantia

From ProductCamp Boston 2024. "Using the product strategy cycle as a guide, this session shares a case study on the growth and evolution of B2B product portfolios driven by machine intelligence for a leading SaaS product maker. This case study reviews a series of new product efforts; outlines the methods, tools, and practices that powered opportunity assessment, product discovery, and strategic planning; traces the evolution of product portfolios; and considers business outcomes from building and growing a portfolio of new analytics products and services for Oracle over the course of several years." This case study illustrates and demonstrates: Crafting customer-centered product strategies for new machine intelligence / AI / ML technologies Building and evolving customer-centered products and portfolios, and new product categories Establishing effective, innovative, customer-centered product strategy capabilities and practices for emerging spaces

Splunk bangalore user group 2020 08 01NiketNilay

This document provides information about an upcoming Bengaluru User Group meeting on search tips and optimization best practices. It includes details about the agenda, speaker, and links for joining the session online or via YouTube. The document encourages participants to join the #splunk_bengaluru_usergroup Slack channel for Q&A during the presentation and provides resources for future user group meetings and community engagement through Splunk's official sites.

Smartlogic, Semaphore and Semantically Enhanced Search – For “Discovery”voginip

Smartlogic provides semantic search and content intelligence solutions to unlock business value from unstructured content. Their software, Semaphore, uses natural language processing and machine learning to build ontologies and automatically annotate content with metadata, enabling more sophisticated search and discovery of hidden knowledge within large volumes of documents. Semaphore integrates with various systems and delivers benefits such as cost savings from more efficient content exploration, risk reduction through improved compliance, and competitive advantages from making better use of organizational intelligence in content.

Smartlogic, Semaphore and Semantically Enhanced Search – For “Discovery”VOGIN-academie

Smartlogic provides semantic search and content intelligence solutions to unlock business value from unstructured content. Their solution, Semaphore, uses natural language processing and machine learning to automatically enrich content with metadata, extract entities and facts, and categorize content according to customizable semantic models or ontologies. This helps organizations more effectively search, discover, and leverage information across diverse content sources. Semaphore delivers enhanced search capabilities, automated categorization, and tools to build and manage semantic models collaboratively. Customers report benefits such as reduced time spent searching, lower classification costs, and reduced risk of non-compliance by making more information accessible.

Splunk Enterprise 6.4Splunk

This document introduces Splunk Enterprise & Splunk Cloud Release 6.4. It highlights new features including unlimited custom visualizations, enhanced predictive analytics, expanded cloud services monitoring, improved platform security and management, and reduced storage costs for historical data of up to 80% with Splunk Enterprise. The release aims to help users get more value from big data while lowering storage costs.

SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunk

This document provides an overview and tips for optimizing searches in Splunk. It discusses how to scope searches more narrowly through techniques like limiting the time range and including specific indexes, sourcetypes, and fields. This helps reduce the amount of data that needs to be scanned to find search results. The document also recommends using inclusionary search terms rather than exclusionary ones when possible to improve performance. Additional optimization strategies covered include using smarter search modes and defining fields on segmented boundaries.

SplunkLive! Frankfurt 2018 - Integrating Metrics & LogsSplunk

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

At InData Labs, we have been keeping an ear to the ground, looking out for AI-enabled digital transformation trends coming our way in 2025. Our report will provide a look into the technology landscape of the future, including: -Artificial Intelligence Market Overview -Strategies for AI Adoption in 2025 -Anticipated drivers of AI adoption and transformative technologies -Benefits of AI and Big data for your business -Tips on how to prepare your business for innovation -AI and data privacy: Strategies for securing data privacy in AI models, etc. Download your free copy nowand implement the key findings to improve your business.

Role of Data Annotation Services in AI-Powered ManufacturingAndrew Leo

More Related Content

Similar to Splunk .conf2011: Search Language: Beginner (20)

SplunkLive! Data Models 101Splunk

Analytics with splunk - Advancedjenny_splunk

SplunkLive! Beginner SessionSplunk

SplunkLive! Munich 2018: Data Onboarding OverviewSplunk

Splunk live beginner training nycDimitri McKay - CISSP

SplunkLive! - Getting started with SplunkSplunk

SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunk

SharePoint Jumpstart #2 Making Basic SharePoint Search WorkEarley Information Science

The power of searchSmitha Poluri

SplunkLive Oslo/Stockholm Beginner Workshopjenny_splunk

Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk

Lesser known-search-commandspendoo

Introduction to Splunk Presentation (DevOps)Knoldus Inc.

Flying Blind On A Rocket Cycle: Customer-centered Product Strategy for Machin...Joe Lamantia

Splunk bangalore user group 2020 08 01NiketNilay

Smartlogic, Semaphore and Semantically Enhanced Search – For “Discovery”voginip

Smartlogic, Semaphore and Semantically Enhanced Search – For “Discovery”VOGIN-academie

Splunk Enterprise 6.4Splunk

SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunk

SplunkLive! Frankfurt 2018 - Integrating Metrics & LogsSplunk

SplunkLive! Data Models 101Splunk

Analytics with splunk - Advancedjenny_splunk

SplunkLive! Beginner SessionSplunk

SplunkLive! Munich 2018: Data Onboarding OverviewSplunk

Splunk live beginner training nycDimitri McKay - CISSP

SplunkLive! - Getting started with SplunkSplunk

SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunk

SharePoint Jumpstart #2 Making Basic SharePoint Search WorkEarley Information Science

The power of searchSmitha Poluri

SplunkLive Oslo/Stockholm Beginner Workshopjenny_splunk

Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk

Lesser known-search-commandspendoo

Introduction to Splunk Presentation (DevOps)Knoldus Inc.

Flying Blind On A Rocket Cycle: Customer-centered Product Strategy for Machin...Joe Lamantia

Splunk bangalore user group 2020 08 01NiketNilay

Smartlogic, Semaphore and Semantically Enhanced Search – For “Discovery”voginip

Smartlogic, Semaphore and Semantically Enhanced Search – For “Discovery”VOGIN-academie

Splunk Enterprise 6.4Splunk

SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunk

SplunkLive! Frankfurt 2018 - Integrating Metrics & LogsSplunk

Recently uploaded (20)

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

Role of Data Annotation Services in AI-Powered ManufacturingAndrew Leo

What is Model Context Protocol(MCP) - The new technology for communication bw...Vishnu Singh Chundawat

The MCP (Model Context Protocol) is a framework designed to manage context and interaction within complex systems. This SlideShare presentation will provide a detailed overview of the MCP Model, its applications, and how it plays a crucial role in improving communication and decision-making in distributed systems. We will explore the key concepts behind the protocol, including the importance of context, data management, and how this model enhances system adaptability and responsiveness. Ideal for software developers, system architects, and IT professionals, this presentation will offer valuable insights into how the MCP Model can streamline workflows, improve efficiency, and create more intuitive systems for a wide range of use cases.

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

Salesforce AI Associate 2 of 2 Certification.docxJosé Enrique López Rivera

DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxJustin Reock

Building 10x Organizations with Modern Productivity Metrics 10x developers may be a myth, but 10x organizations are very real, as proven by the influential study performed in the 1980s, ‘The Coding War Games.’ Right now, here in early 2025, we seem to be experiencing YAPP (Yet Another Productivity Philosophy), and that philosophy is converging on developer experience. It seems that with every new method we invent for the delivery of products, whether physical or virtual, we reinvent productivity philosophies to go alongside them. But which of these approaches actually work? DORA? SPACE? DevEx? What should we invest in and create urgency behind today, so that we don’t find ourselves having the same discussion again in a decade?

Splunk Security Update | Public Sector Summit Germany 2025Splunk

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

I started my online journey with several hosting services before stumbling upon Ai EngineHost. At first, the idea of paying one fee and getting lifetime access seemed too good to pass up. The platform is built on reliable US-based servers, ensuring your projects run at high speeds and remain safe. Let me take you step by step through its benefits and features as I explain why this hosting solution is a perfect fit for digital entrepreneurs.

How Can I use the AI Hype in my Business Context?Daniel Lehner

𝙄𝙨 𝘼𝙄 𝙟𝙪𝙨𝙩 𝙝𝙮𝙥𝙚? 𝙊𝙧 𝙞𝙨 𝙞𝙩 𝙩𝙝𝙚 𝙜𝙖𝙢𝙚 𝙘𝙝𝙖𝙣𝙜𝙚𝙧 𝙮𝙤𝙪𝙧 𝙗𝙪𝙨𝙞𝙣𝙚𝙨𝙨 𝙣𝙚𝙚𝙙𝙨? Everyone’s talking about AI but is anyone really using it to create real value? Most companies want to leverage AI. Few know 𝗵𝗼𝘄. ✅ What exactly should you ask to find real AI opportunities? ✅ Which AI techniques actually fit your business? ✅ Is your data even ready for AI? If you’re not sure, you’re not alone. This is a condensed version of the slides I presented at a Linkedin webinar for Tecnovy on 28.04.2025.

Asthma presentación en inglés abril 2025 pdfVanessaRaudez

"Client Partnership — the Path to Exponential Growth for Companies Sized 50-5...Fwdays

Big Data Analytics Quick Research Guide by Arthur MorganArthur Morgan

This is a Quick Research Guide (QRG). QRGs include the following: - A brief, high-level overview of the QRG topic. - A milestone timeline for the QRG topic. - Links to various free online resource materials to provide a deeper dive into the QRG topic. - Conclusion and a recommendation for at least two books available in the SJPL system on the QRG topic. QRGs planned for the series: - Artificial Intelligence QRG - Quantum Computing QRG - Big Data Analytics QRG - Spacecraft Guidance, Navigation & Control QRG (coming 2026) - UK Home Computing & The Birth of ARM QRG (coming 2027) Any questions or comments? - Please contact Arthur Morgan at [email protected]. 100% human made.

Build Your Own Copilot & Agents For DevsBrian McKeiver

Buckeye Dreamin' 2023: De-fogging Debug LogsLynda Kane

SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfPrecisely

Buckeye Dreamin 2024: Assessing and Resolving Technical DebtLynda Kane

Linux Professional Institute LPIC-1 Exam.pdfRHCSA Guru

Dev Dives: Automate and orchestrate your processes with UiPath MaestroUiPathCommunity

This session is designed to equip developers with the skills needed to build mission-critical, end-to-end processes that seamlessly orchestrate agents, people, and robots. 📕 Here's what you can expect: - Modeling: Build end-to-end processes using BPMN. - Implementing: Integrate agentic tasks, RPA, APIs, and advanced decisioning into processes. - Operating: Control process instances with rewind, replay, pause, and stop functions. - Monitoring: Use dashboards and embedded analytics for real-time insights into process instances. This webinar is a must-attend for developers looking to enhance their agentic automation skills and orchestrate robust, mission-critical processes. 👨‍🏫 Speaker: Andrei Vintila, Principal Product Manager @UiPath This session streamed live on April 29, 2025, 16:00 CET. Check out all our upcoming Dev Dives sessions at https://community.uipath.com/dev-dives-automation-developer-2025/.

ThousandEyes Partner Innovation Updates for May 2025ThousandEyes

Datastucture-Unit 4-Linked List Presentation.pptxkaleeswaric3

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

Role of Data Annotation Services in AI-Powered ManufacturingAndrew Leo

What is Model Context Protocol(MCP) - The new technology for communication bw...Vishnu Singh Chundawat

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

Salesforce AI Associate 2 of 2 Certification.docxJosé Enrique López Rivera

DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxJustin Reock

Splunk Security Update | Public Sector Summit Germany 2025Splunk

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

How Can I use the AI Hype in my Business Context?Daniel Lehner

Asthma presentación en inglés abril 2025 pdfVanessaRaudez

"Client Partnership — the Path to Exponential Growth for Companies Sized 50-5...Fwdays

Big Data Analytics Quick Research Guide by Arthur MorganArthur Morgan

Build Your Own Copilot & Agents For DevsBrian McKeiver

Buckeye Dreamin' 2023: De-fogging Debug LogsLynda Kane

SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfPrecisely

Buckeye Dreamin 2024: Assessing and Resolving Technical DebtLynda Kane

Linux Professional Institute LPIC-1 Exam.pdfRHCSA Guru

Dev Dives: Automate and orchestrate your processes with UiPath MaestroUiPathCommunity

ThousandEyes Partner Innovation Updates for May 2025ThousandEyes

Datastucture-Unit 4-Linked List Presentation.pptxkaleeswaric3

Splunk .conf2011: Search Language: Beginner

1. Search Language - Beginner Dan Plaza, Sr. Instructor

2. Getting started – Search summary view Running basic searches and viewing results Navigating through search results Understanding and using fields in search Saving searches Agenda

3. Dan Plaza – Senior Instructor – Splunk Splunker since November 2010 Experience in database, security, web apps and compliance standards Constantly amazed by the cool stuff Splunk can do About Your Presenter

4. Getting started

5. Launching the Search App

6. Summary View current view global stats menus and action links time range picker data sources do it search box

7. Basic Searching

8. Everything is searchable * wildcard supported Search terms are case insensitive Booleans AND, OR, NOT Booleans must be uppercase Implied AND between search terms Use () for complex searches Quote phrases Basic Search

9. Search Results timeline field picker timestamp event data Highlighted search terms

10. Searches return events An event is single piece of data in Splunk, like a record in a log file or other data input Splunk breaks up data into individual events and gives each a timestamp , host , source and source type Events

11. By default, Splunk searches over all time Use the time range picker to narrow your search, or search in real time Selecting the Time Range

12. Real-time searching allows you to view events as they come in Useful in troubleshooting an active issue or creating critical alerts Real-time Searching

13. Navigating Through Results

14. Navigating Search Results – click Click a term in the events to add it to the search

15. Navigating Results – Alt+Click alt+click a term in the events to remove events with that term from the results

16. Navigating Results – Timeline Click a bar in the timeline to drill-down to events that occurred in that time period

17. Navigating Results – Timeline (cont.) Select all returns to the original timeframe You can also zoom in / zoom out to narrow or broaden the timerange

18. Select custom time from the time range picker to indicate specific date or relative time ranges Indicating a Custom Time Range

19. Using Fields

20. Fields turn plain old log data into Splunked data There are 2 types of fields Default fields – host , source , sourcetype . These fields exist for every event in Splunk. Data-defined fields – fields that are specific to a given type of data Fields

21. Splunk identifies fields in events, including the action field In these events, the action field has five values Identify the Fields

22. Use the Field Picker remove events from results that don’t have the field create reports click on a value to add to the search ALT + click on a value to remove from a search

23. This search example returns events where: The sourcetype – or type of data – is apache weblogs The action field has a value of purchase The HTTP status returned was NOT 200 Searching with Fields sourcetype=access_* action=purchase status!=200 36 events where an e-commerce purchase failed because of an HTTP error!!

24. Quick Reporting Click to generate a quick report

25. Saving Searches

26. 1. Click the save search icon 2. Name the search You can also edit the search string and time Optionally, share the search with other users Saving a Search 500 OR 503 500 OR 503

27. Run saved searches from the Searches and Reports menu Lists all searches you have permission to run Running a Saved Search

28. Splunk has many powerful features and search commands that allow you to Calculate statistics Format and organize values within search results Create compelling data visualizations and reports And more! Learn about some of these features in the Search language – intermediate session Beyond Basic Searching

29. August 15, 2011 Questions? Dan Plaza, Senior Instructor

Editor's Notes

#5: How can you leverage Splunk?
#8: How can you leverage Splunk?
#14: How can you leverage Splunk?
#20: How can you leverage Splunk?
#26: How can you leverage Splunk?

Splunk .conf2011: Search Language: Beginner

Recommended

More Related Content

Similar to Splunk .conf2011: Search Language: Beginner (20)

Recently uploaded (20)

Splunk .conf2011: Search Language: Beginner

Editor's Notes