Splunk® Enterprise

Splunk Enterprise Overview

Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Searching and Reporting

The Searching and Reporting app lets you search your data, create data models and pivots, save your searches and pivots as reports, configure alerts, and create dashboards.

Searching

The Search Manual discusses how to search and use the Search Processing Language (SPL). See the Search Reference for a catalog of the search commands with syntax, descriptions, and examples for each command.

Task: Look here:
You are new to Splunk Enterprise and want to learn how to search and use the search processing language Start with the Search Tutorial
Learn more about the search processing language Get started with Search

About the search language

Understanding SPL syntax

About transforming commands and searches

About real-time searches and reports

Find a specific search command or function Command quick reference

Search commands by category

Evaluation functions

Statistical and charting functions

Manage search jobs About jobs and jobs management

View search job properties

Creating Pivots

The Knowledge Manager Manual includes a section that discusses how to design and build data models using the data model editor. The Pivot Manual discusses how to build pivots tables and charts.

Task: Look here:
You are new to Splunk Enterprise and want to learn about data model and pivot Pivot Tutorial
Learn about data models and how to build them About data models
Learn more about Pivot and how to use the Pivot Editor to design tables and charts. Pivot Manual

Reporting

See more about reports and report management in the Reporting Manual.

Task: Look here:
Use search commands to generate reports About transforming commands and searches
Learn about the different kinds of visualizations (tables, charts, event listings, and so on) Dashboards and Visualizations

Data structure requirements for visualizations

Save a search or pivot as a report Create and edit reports
Accelerate a report

Understand requirements for report acceleration

Accelerate reports
Schedule a report Schedule reports
Generate a PDF of your report Generate PDFs of your reports and dashboards

Alerting

See how to create and dispatch alerts in the Alerting Manual.

Task: Look here:
Learn about alerts About alerts
Set up email notifications, RSS notifications, or alert scripts Set up alert actions
See alerting examples Alert Examples
See recently triggered alerts Review triggered alerts using the Alert Manager
Set up alerts using the configuration files Configure alerts in savedsearches.conf

Creating dashboards and visualizations

Task: Look here:
Learn about creating and editing dashboards Dashboard overview
Learn about the different kinds of visualizations (tables, charts, event listings, and so on) Visualization Reference
Learn about the default activity and summary dashboards Splunk Enterprise summary dashboard
Learn about the Splunk Web Framework Splunk Web Framework Overview
Last modified on 23 April, 2018
Splunk Enterprise administration   Manage Splunk Enterprise knowledge

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters