Splunk® Enterprise

Search Tutorial

Acrobat logo Download manual as PDF


Splunk Enterprise version 7.3 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Additional resources

You can continue to use the tutorial data, run more searches, and create more dashboards.

The following sections provide additional information and links.

Splunk Community

The Splunk Community is amazing and full of very active members who are supportive of new users. You can search for solutions or ask questions on Splunk Answers, connect with helpful and fun Splunk enthusiasts through chat groups, or meet users in your local area at User Groups near you. The Community portal has everything you need to discover how to set yourself up for success with the Splunk Community.

Search resources

This tutorial was a brief introduction to navigating the search interface and using the search language. It walked you through running some basic searches and saving the results as a report and dashboard, but you can do much more with the Splunk software. For more details, see the following manuals:

  • Search Manual: Explains how to search and use the Splunk Search Processing Language (SPL™). Look here for more thorough examples of writing Splunk searches to calculate statistics, evaluate fields, and report on search results.
  • Search Reference: Provides a reference for users who are looking for a catalog of the search commands with complete syntax, descriptions, and examples for usage.

Splunk documentation

Splunk has a wide range of documentation, including tutorials, use cases, and manuals for administrators, developers, and users, as well as SDK and SPL command syntax documentation.

There are separate manuals for searches, dashboards and visualizations, reports, metrics, and alerts. There is even a manual for people who have inherited a Splunk deployment.

You will find all of the information on the Splunk Documentation site.

Quick References

Splunk Quick Reference Guide
Contains information about fundamental concepts, features, and components in Splunk software. The guide also includes explanations and examples of common search commands and functions.
Dashboards Quick Reference Guide
Provides an overview of the most common operations, definitions, and commands that you will use when you create dashboards and visualizations.

Splunk Enterprise system requirements

The Search Tutorial presents a snapshot of the Splunk Enterprise system requirements. For an explanation of the requirements, see System Requirements in the Installation Manual.

Accessing your data

To learn more about the types of data you can add and using apps to index data, see Get started with getting data in in the Getting data In manual.

Education

To learn more about Splunk features and how to use them, see the Splunk selection of Education videos and classes.

Send us feedback

At the bottom of every page of this tutorial, and all of the Splunk documentation, is a quick form that you can use to send us feedback.

This screen image shows the "Was this topic useful" form at the bottom of each topic in the Splunk documentation.

Last modified on 13 May, 2021
PREVIOUS
Add more panels to dashboards
 

This documentation applies to the following versions of Splunk® Enterprise: 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters