Splunk® Enterprise

Search Tutorial

Splunk Enterprise version 8.2 is no longer supported as of September 30, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Navigating Splunk Web

Let's get acquainted with the Splunk user interface.

Splunk Web is the primary interface for searching, problem investigation, reporting on results, and administrating Splunk deployments.

About Splunk Home

Splunk Home is the initial page in Splunk Web. Splunk Home is an interactive portal to the data and applications that you can access from your Splunk instance. The main parts of the Splunk Home page are the Apps panel, the Explore Splunk panel, and the Splunk bar.

Splunk Cloud Platform
The following screen image shows the Splunk Home page for Splunk Cloud Platform:

This image shows the Splunk Home page for Splunk Cloud Platform. The Apps panel extends the full length of the left side of the window. The Splunk bar is at the top of the window. The  Explore Splunk panel contains several large icons.

Splunk Enterprise
The following screen image shows the Splunk Home page for Splunk Enterprise:

This image shows the Splunk Home page for Splunk Enterprise. The Apps panel extends the full length of the left side of the window. The Splunk bar is at the top of the window. The  Explore Splunk panel contains several large icons.


Apps panel

The Apps panel lists the applications that are installed on your Splunk instance. The list shows only the apps that you have permission to view.

When you first open Splunk Web, you see Search & Reporting in the Apps panel. The Search & Reporting app is sometimes referred to as simply the Search app. There might be other apps listed on the Apps panel if other applications are installed on your computer.

Explore Splunk panel

The Explore Splunk panel contains links to pages to help you get started.

Splunk bar

The Splunk bar appears on every page in Splunk Web. You use this bar to switch between apps, configure your Splunk deployment, view system-level messages, and monitor the progress of search jobs.

  1. On the Splunk Home page, click Search & Reporting in the Apps Panel to open the Search app.
    When you are in an app, the Applications menu displays in the Splunk bar. You can use the Applications menu to switch between apps.

    Splunk Cloud Platform
    The following image shows Splunk bar in Splunk Cloud Platform.
    This image shows the Splunk bar in Splunk Cloud Platform. From left to right, the first item on the Splunk bar is the Splunk logo. The second item is the Applications menu.
    Splunk Enterprise
    The following image shows the Splunk bar in Splunk Enterprise.
    This image shows the Splunk bar in Splunk Enterprise. From left to right, the first item on the Splunk bar is the Splunk logo. The second item is the Applications menu. To the right are several other menus, such as Account, Messages, Settings, and so forth.
    We will explore the Search app in detail. For now, let's return to Splunk Home.
  2. Click the Splunk logo on the Splunk bar.
    Regardless of where you are in an app, you can always click the Splunk logo to return to Splunk Home.

Other Splunk bar menus

In addition to the Applications menu, the Splunk bar has several other menus. Let's explore a few of them.

Account menu

Use the Account menu to edit your account settings, set your preferences, and to logout.

Splunk Cloud Platform
The Account menu displays Splunk Administrator.
  1. Select Splunk Administrator > User Settings.
    This image shows the Account menu in Splunk Cloud Platform. The choices on the menu are User Settings, Preferences, and Logout.

  2. In the Full name field, you can type your name or a nickname, or leave it as is. For this tutorial, we will not change the other settings.
  3. Click Save.
  4. Click the Splunk logo to return to Splunk Home.
Splunk Enterprise
The Account menu displays Administrator. It shows Administrator initially, because that is the default user name for a new installation.
  1. Select Administrator > Account Settings.
    This image shows the Account menu in Splunk Enterprise. The choices on the menu are Account Settings, Preferences, and Logout.
  2. In the Full name field, you can type your name or a nickname, or leave it as is. For this tutorial, you will not change the other settings.
  3. Click Save.
  4. Click the Splunk logo to return to Splunk Home.

Messages menu

All system-level error messages are listed on the Messages menu. When you have a new message to review, a numerical notification appears next to the Messages menu. The notification indicates the number of messages that you have.

This image shows the Messages menu on the Splunk bar. In front of the Messages menu, is a blue circle with the number two ( 2 ) inside the box.

Assistance

The menu that you use to get help with the Splunk software depends on the Splunk platform that you are using.

Splunk Cloud Platform
The Support & Services menu contains a set of links to Splunk Answers, the Documentation home page, and the Splunk Support and Services page. You can also search the online documentation.
Splunk Enterprise
The Help menu contains a set of links to the product release notes, tutorials, Splunk Answers, and the Splunk Support and Services page. You can also search the online documentation.

Other menus on the Splunk bar

You will explore the other menus on the Splunk bar later in this tutorial.

Next step

This completes Part 1 of the Search Tutorial.

You are now familiar with Splunk Web. Continue to Part 2: Uploading the tutorial data.

Last modified on 28 March, 2023
Launch Splunk Web   About uploading data

This documentation applies to the following versions of Splunk® Enterprise: 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters