Welcome to the Search Manual
Now you've got all that data in your system...what do you want to do with it? Start by using Splunk's powerful search functionality to look for anything, not just a handful of predetermined fields. Combine time and term searches. Find errors across every tier of your IT infrastructure and track down configuration changes in the seconds before a system failure occurs.
This manual discusses the search language and how to write a search in Splunk.
Before you start reading about search, make sure you:
- Have access to data on your local machine or a remote server. Read more about getting data into Splunk in the "Getting Data In Manual".
- Understand how indexing works in Splunk. Read more about how Splunk processes data in the "Managing Indexers Manual".
- Understand fields and knowledge objects, such as source type and event type. Read more about knowledge objects in Splunk in the "Knowledge Manager Manual".
- Are familiar with the Search app and the search and reporting dashboards. If you're new to Splunk and search, the "Splunk Tutorial" is a great place to start. It guides you through adding data, searching your data, and building simple reports and dashboards.
If you're just interested in the list of search commands and arguments available for searching in Splunk, refer to the Search Reference Manual.
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18