Splunk® Enterprise

Search Manual



Splunk Enterprise version 8.0 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Navigating Splunk Web

This topic discusses navigating the different views in Splunk Web, the Splunk web browser interface.

About Splunk Home

Splunk Home is your interactive portal to the data and apps in your Splunk deployment. The first time you log into your Splunk deployment, you land in Splunk Home. All of your apps appear on this page.

The main parts of Splunk Home include the Splunk bar, the Apps menu, the Explore panel, and a custom default dashboard (not shown here).

This image shows the Splunk Home page for Splunk Enterprise. The Apps panel extends the full length of the left side of the window. The Splunk bar is at the top of the window. The Explore Splunk panel contains several large icons.

Your Splunk account might be configured to start in another view instead of Splunk Home, such as Search or Pivot in the Search & Reporting app.

Apps panel

The Apps panel lists the apps that are installed on your Splunk instance that you have permission to view. Select the app from the list to open it. The Search & Reporting app is often referred to as Splunk Search. When you have more than one app, you can drag and drop the apps within the workspace to rearrange them.

You can perform the following actions.

  • Click the gear icon to view and manage the apps that are installed in your Splunk deployment.
  • Click the plus icon to browse for more apps to install.

Explore panel

The options in the Explore panel help you to get started. Click on the icons to open the Add Data view, browse for new apps, open the user documentation, or open Splunk Answers.

Home dashboard

Below the Explore panel is the home dashboard. When you first open Splunk Home, there is no default dashboard.

Click in the area labeled Choose a home dashboard to select a default dashboard.

If you are new to Splunk software, hold off selecting a default dashboard until you have created and saved a few searches. You might want to create a dashboard of your own and use that as your default dashboard.

For more information about dashboards, see the Dashboards and Visualizations manual.

About the Splunk bar

Use the Splunk bar to navigate Splunk Web. You can use it to switch between apps, add data, manage settings and edit your Splunk configuration, view system-level messages, monitor the activity of your search jobs and alerts, and get help using Splunk software.

The Splunk bar in another view, such as the Search view in the Search & Reporting app, also includes an App menu next to the Splunk logo. Use the App menu to quickly switch between the Splunk applications that you have installed on your computer.

This image shows the Splunk bar in the Search app in Splunk Enterprise. From left to right, the first item on the Splunk bar is the Splunk logo. The second item is the Applications menu. To the right are several other menus, such as Account, Messages, Settings, and so forth.

Return to Splunk Home

Click the Splunk logo on the navigation bar to return to Splunk Home from any other view in Splunk Web.

Settings menu

The Settings menu lists the configuration pages for Knowledge objects, Distributed environment settings, System and licensing, Data, and Authentication settings. If you do not see some of these options, you do not have the permissions to view or edit them.

This image shows the Settings menu that you access from the Splunk bar. The Settings menu contains options to manage Knowledge objects, Data, System settings, Distributed Environment settings, and User access.

Account menu

Use the Account menu to edit your account settings or log out of this Splunk installation. The Account menu is called "Administrator" because that is the default user name for a new installation. You can change this display name by selecting Edit account and changing the Full name. Other settings you can edit include: the time zone settings, the default app for this account, and the account's password.

This image shows the Account menu in Splunk Enterprise. The choices on the menu are Account Settings, Preferences, and Logout.

Messages menu

All system-level error messages are listed on the Messages menu. When you have a new message to review, a numerical notification appears next to the Messages menu. The notification indicates the number of messages that you have.

This image shows the Messages menu on the Splunk bar. In front of the Messages menu is a blue circle with the number two inside.

Activity menu

The Activity menu lists shortcuts to the Jobs and Triggered alerts views.

  • Click Jobs to open the search jobs manager window, where you can view and manage currently running searches.
  • Click Triggered Alerts to view scheduled alerts that are triggered.

Help

Click Help to see links to Video Tutorials, Splunk Answers, the Splunk Support Portal, and online Documentation.

Find

Use Find to search for objects within your Splunk deployment. Find performs matches that are not case sensitive on the ID, labels, and descriptions in saved objects. For example, if you type error, it returns the saved objects that contain that term.

This image shows the word "error" typed into the Find search box. The results that appear are a mix of built-in and saved objects, such as reports and dashboards.

These saved objects include Reports and Dashboards. The results appear in the list separated by the categories where they exist.

You can also run a search for error in the Search & Reporting app by clicking Open error in search.

See also

About the Search app

Last modified on 03 April, 2023

This documentation applies to the following versions of Splunk® Enterprise: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8

