Splunk Cloud Platform

Search Manual

Get started with Search

This manual discusses the Search & Reporting app and how to use the Splunk search processing language (SPL).

The Search app, the short name for the Search & Reporting app, is the primary way you navigate the data in your Splunk deployment. The Search app consists of a web-based interface (Splunk Web), a command line interface (CLI), and the Splunk SPL.

This image lists the categories of documentation: Getting Started, Search and Report, Administer, Deploy. and Develop.  Within each category are a list of the capabilities that are described in the documentation.

Start Here

If you are new to Splunk Search, the best way to get acquainted is to start with the Search Tutorial. The Search Tutorial introduces you to the Search and Reporting app and guides you through adding data, searching your data, and building simple reports and dashboards.

The Search Tutorial provides a great foundation for understanding Splunk Search.

Getting started in your own environment

After you complete the Search Tutorial, you should learn about the types of data you can explore, how Splunk software indexes data, and about Splunk knowledge objects.

Here are the resources to look at:

Use the Search app effectively

And of course you need to learn how to use the Search app effectively, which is the focus of this manual. This manual contains detailed information about how to search your data.

Basic Search app skills

Detailed Search information

Search command reference

For a catalog of search commands and arguments that make up the Splunk SPL, see the Search Reference.

Distributed Search

If you are using Splunk Enterprise, distributed search provides a way to scale your deployment by separating the search management and presentation layer from the indexing and search retrieval layer. For an introduction to distributed search, see the Distributed Search Manual.

See also

Navigating Splunk Web
Using Splunk Search
Last modified on 05 May, 2021
  Navigating Splunk Web

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters