Related Answers
Download topic as PDF
Welcome to the Search Reference
This manual is a reference guide for the Search Processing Language (SPL). In this manual you will find a catalog of the search commands with complete syntax, descriptions, and examples. Additionally, this manual includes quick reference information about the categories of commands, the functions you can use with commands, and how SPL relates to SQL.
Getting Started
If you are new to Splunk Enterprise and search, start with the Search Tutorial. This tutorial introduces you to the Search and Reporting application. The tutorial guides you through adding data to Splunk Enterprise, searching your data, and building simple reports and dashboards.
Before you can start using search on your own Splunk Enterprise instance:
- Add data to your instance. Learn how to get data into Splunk Enterprise in the Getting Data In manual.
- Understand how indexing works in Splunk Enterprise and how data is processed in the Managing Indexers and Clusters of Indexers manual.
- Learn about fields and knowledge objects, such as host, source type, and event type in the Knowledge Manager Manual.
Search Manual
The Search Manual contains detailed information about creating and optimizing searches.
- Types of searches
- Retrieving events
- Specifying time ranges
- Using subsearches
- Creating statistical tables and charts
- Grouping and correlating events
- Predicting future events
Quick Reference Information
The Splunk Enterprise Quick Reference Guide contains:
- Explanations about Splunk Enterprise features
- Common search commands
- Tips on optimizing searches
- Functions for the
evalandstatscommands - Search examples
- Regular expressions
- Formats for converting strings into timestamps
The search commands by category topic organizes the commands by the type of action that the command performs.
For example, commands in the reporting category, are used to build transforming searches. Reporting commands return statistical data tables that are required for charts and other kinds of data visualizations.
This topic contains a brief description of each command along with a link to the details about the command in the Command Reference section of this manual.
Before you continue, read Understanding SPL syntax for the conventions and rules used in this manual.
|
NEXT Understanding SPL syntax |
This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.2.13, 6.2.14, 6.2.15
Pardon the plug here, but it may be useful to many new and seasoned users! For a list of working Splunk Search Queries go check out www.gosplunk.com. You'll find nearly 200 known working queries for a variety of data sources.