What's in this manual
In this manual, you'll find information and procedures for the Splunk enterprise user—if you use Splunk to investigate problems and report on results, this is the manual for you.
Where to start?
If you're new to Splunk, check out the overview and then proceed to the Splunk tutorial! It guides you through adding data, searching your data, and building simple reports and dashboards. Let us know what you think!
Continue reading to:
- learn how to add data to your indexes
- start searching with terms, Boolean expressions, and fields
- learn how to use the search results and timeline to interactively narrow your search
- learn how to save event types, extract new fields, and tag field values
- learn how to save searches and set alert conditions for scheduled searches
- start building reports and charts to save and share with others
If you want to just jump right in and start searching, see the Search command cheat sheet for a quick reference complete with descriptions and examples.
Make a PDF
If you'd like a PDF version of this manual, click the red Download the User Manual as PDF link below the table of contents on the left side of this page. A PDF version of the manual is generated on the fly for you, and you can save it or print it out to read later.
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7