Splunk® Enterprise

Search Tutorial

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Navigating Splunk Web

This topic discusses navigating the different views in Splunk Web.

About Splunk Home

Splunk Home is your interactive portal to the data and apps accessible from this Splunk instance. The main parts of Home include the Splunk Enterprise navigation bar, the Apps menu, the Explore Splunk Enterprise panel, and a custom default dashboard (not shown here).

6.2 splunk home.png

Apps panel

The Apps panel lists the apps that are installed on your Splunk instance that you have permission to view. Select the app from the list to open it.

For an out-of-the-box Splunk Enterprise installation, you see one App in the workspace: Search & Reporting. The Search & Reporting app is sometimes referred to as the Search app. When you have more than one app, you can drag and drop the apps within the workspace to rearrange them.

You can perform the following actions.

  • Click the gear icon to view and manage the apps that are installed in your Splunk instance.
  • Click the plus icon to browse for more apps to install.

Explore Splunk Enterprise

The options in the Explore Splunk Enterprise panel help you to get started using Splunk Enterprise. Click on the icons to open the Add Data view, browse for new apps, open the Splunk Enterprise Documentation, or open Splunk Answers.

About the Splunk bar

Use the Splunk bar to navigate the views in your Splunk instance. It appears on every page in Splunk Enterprise. You can use it to switch between apps, manage and edit your Splunk configuration, view system-level messages, and monitor the progress of search jobs.

The following screenshot shows the Splunk bar in Splunk Home.

6.2 splunk bar.png


The Splunk bar in another view, such as the Search & Reporting app's Search view, also includes an App menu next to the Splunk logo.

6.2 tutorial splunkbar search.png

Return to Splunk Home

Click the Splunk logo on the navigation bar to return to Splunk Home from any other view in Splunk Web.

Settings menu

The Settings menu lists the configuration pages for Knowledge objects, Distributed environment settings, System and licensing, Data, and Authentication settings. If you do not see some of these options, you do not have the permissions to view or edit them.

6.2 home settings menu.png

Account menu

Use the Account menu to edit your account settings or log out of this Splunk installation. The Account menu is called "Administrator" because that is the default user name for a new installation. You can change this display name by selecting Edit account and changing the Full name. Other settings you can edit include: the time zone settings, the default app for this account, and the account's password.

6.1 home user menu.png

Messages menu

All system-level error messages are listed on the Messages menu. When there is a new message to review, a notification appears as a count next to the Messages menu. Click the X to remove the message.

Activity menu

The Activity menu lists shortcuts to the Jobs, Triggered alerts, and System Activity views.

6.1 home activity menu.png


  • Click Jobs to open the search jobs manager window, where you can view and manage currently running searches.
  • Click Triggered Alerts to view scheduled alerts that are triggered. This tutorial does not discuss saving and scheduling alerts. See "About alerts" in the Alerting Manual.
  • Click System Activity to see Dashboards about user activity and status of the system.

Help

Click Help to see links to Video Tutorials, Splunk Answers, the Splunk Support Portal, and online Documentation.


Find

Use Find to search for objects within your Splunk Enterprise instance. Find performs matches that are not case sensitive on the ID, labels, and descriptions in saved objects. For example, if you type "error", it returns the saved objects that contain the term "error".

6.2 tutorial find error.png

These saved objects include Reports, Dashboards, Alerts, and Data models. The results appear in the list separated by the categories where they exist.

You can also run a search for error in the Search & Reporting app by clicking Open error in search.

Next steps

Now that you are more familiar with Splunk Web, see "About getting data into Splunk Enterprise."

PREVIOUS
Start Splunk Enterprise and launch Splunk Web
  NEXT
About getting data into Splunk Enterprise

This documentation applies to the following versions of Splunk® Enterprise: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters