About the Search Tutorial
The Search & Reporting application (Search app) is the primary interface for using the Splunk software to run searches, save reports, and create dashboards. This Search Tutorial is written for the user who is new to the Splunk software and the Search app.
Already have access to Splunk software?
For this tutorial, use a free trial version of the Splunk software.
Why? Because this tutorial uses a specific set of data to ensure consistency in your search results and the features that you are learning about. In the tutorial, you will upload this tutorial-specific data to the Splunk platform. You might not have permission to upload data in your production, work environment. Additionally, using a free trial version of the software ensures that the tutorial data is not mixed in with your work data.
The steps for downloading a free trial version of Splunk Enterprise are described in the tutorial.
What's in this tutorial?
You will learn how to use the Search app to add data to your Splunk platform, search the data, save the searches as reports, and create dashboards. If you are new to the Search app, this tutorial is the place to start.
How to use this tutorial
Each Part in the Search Tutorial builds on the previous Part. For example, the searches that you create in Part 5 are used to create reports and charts in Part 6. It is important that you don't skip a Part.
- Part 1: Downloading and installing Splunk Enterprise takes you through the steps to download, install, and start Splunk Enterprise on your system. (Skip this step if you are using Splunk Cloud.)
- Part 2: Getting started with Splunk Enterprise describes Splunk Web, which is the interface for using Splunk Enterprise and Search.
- Part 3: Getting data into Splunk Enterprise walks you through adding the tutorial data into Splunk Enterprise. The tutorial data, which is a sample data set composed of web server and MySQL logs for a fictional online game store, is included for download.
- Part 4: Using Splunk Search describes the parts of Splunk Web you need to to run searches, including the search dashboards, the timerange picker, search actions, and other options.
- Part 5: Searching the tutorial data teaches different ways to search and includes using fields, using the search language, subsearches, and field lookups.
- Part 6: Saving and sharing reports describes the steps to save and share your searches as reports.
- Part 7: Creating dashboards discusses how to create dashboards targeted to meet different business needs.
Using the PDF version of the tutorial
You can copy and paste search strings or regular expressions directly into the Search & Reporting App from this online tutorial in your web browser.
Do not copy and paste search strings or regular expressions directly from the electronic PDF into the Search app. Pasting data from the PDF can cause errors in searches, because of hidden characters that are included in the PDF formatting.
See Additional resources at the end of this tutorial for information about:
- The Splunk community
- Links to the Splunk documentation
- Providing feedback
What you need for this tutorial
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14