Splunk® Enterprise

Search Manual

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

What's in Splunk Search

This topic discusses the Search views that are part of Splunk's Search & Reporting app, which is the interface you use to interact with your data.

The unified search and reporting experience also makes it easier for you to author and edit your reports. You can read more about creating and editing reports in the Reporting Manual.

The Search dashboard

Before you run a search, the Search dashboard will include:

  • The search bar. Use the search bar to run your searches in Splunk Web. Just type in your search string and hit enter or click the spyglass icon to the right of the time range picker.
  • The time range picker. Use the time range picker to specify the time period over which to retrieve events. The time range picker has many preset time ranges that you can select from, but you can also enter a custom time range.
  • How to search. This panel links you to the Search Tutorial and Search Manual to help you learn about searches.
  • What to search. This panel displays a summary of the data that is installed on this Splunk instance and that you are authorized to view. If you click on the Data Summary button, a window opens with tabs for the Hosts, Sources, Sourcetypes in your data.

The New Search dashboard

Running a new search takes you to the New Search dashboard. In this view, the search bar and time range picker are also available. The dashboard updates with many more elements such as search action buttons, a search mode selector, counts of events, a job status bar, and results tabs for Events, Statistics, and Visualizations.

Read more about the elements of the New Search dashboard in the following topics.

PREVIOUS
Welcome to the Search Manual
  NEXT
Perform actions on running searches

This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters