Splunk® Enterprise

Splunk Enterprise Overview

Download manual as PDF

Download topic as PDF

Search and reporting

The Search and Reporting app lets you search your data, create data models and pivots, save your searches and pivots as reports, configure alerts, and create dashboards. This app is provided by default.

Search

The Search Manual describes how to search and use the Search Processing Language (SPL). See Search Reference for syntax, descriptions, and examples for each search command.

Task: Look here:
Learn how to search and use the Search Processing Language About the Search Tutorial
Learn more about the Search Processing Language

Get started with Search

About the search language

Understanding SPL syntax

About transforming commands and searches

About real-time searches and reports

Find a specific search command or function

Command quick reference

Commands by category

Evaluation functions

Statistical and charting functions

Manage search jobs

About jobs and jobs management

View search job properties

Create Pivots

The Knowledge Manager Manual describes how to design and build data models using the data model editor. The Pivot Manual describes how to build pivots tables and charts.

Task: Look here:
Learn about data models and how to build them About data models
Learn more about Pivot and how to use the Pivot Editor to design tables and charts Pivot Manual

Reports

See more about reports and report management in the Reporting Manual.

Task: Look here:
Use search commands to generate reports About transforming commands and searches
Learn about types of visualizations

Visualization reference

Data structure requirements for visualizations

Save a search or pivot as a report Create and edit reports

Accelerate a report

Understand requirements for report acceleration

Accelerate reports
Schedule a report Schedule reports
Generate a PDF of your report Generate PDFs of your reports and dashboards

Alerts

See how to create and dispatch alerts in the Alerting Manual.

Task: Look here:
Learn about alerts Getting started with alerts
Set up email notifications, RSS notifications, or alert scripts Set up alert actions
See alerting examples Alert examples
See recently triggered alerts Triggered alerts
Set up alerts using the configuration files Configure alerts in savedsearches.conf

Create dashboards and visualizations

See the Dashboards and Visualizations manual for more information on the visualization and dashboard workflow and using the Splunk Web Framework.

Task: Look here:
Learn about creating and editing dashboards Dashboard overview
Learn about types of visualizations Visualization reference
Learn about the default activity and summary dashboards Splunk Enterprise summary dashboard
Learn about the Splunk Web Framework Splunk Web Framework Overview
PREVIOUS
Splunk Enterprise administration
  NEXT
Manage Splunk Enterprise knowledge

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.3.0, 7.3.1, 7.3.2


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters