About searching and reporting using Splunk Light
This topic contains and overview of searching and reporting.
After getting data in, you can run searches to:
- Learn more about the data you just added.
- Investigate to find the root cause of an issue.
- Summarize your search results into a report, whether tabular or another visualization format.
- Save and share the report.
Raw event searches are searches that retrieve events from one or multiple indexes and are done when you want to analyze a problem. For example, searches you run to check error codes, correlate events, investigate security issues, and analyze failures do not usually include search commands (except
search, itself), and the results are a list of raw events.
Transforming searches are searches that perform a statistical calculation against a set of results. These are searches where you first retrieve events from an index and then pass them into one or more search commands. These searches will always require fields and at least one of a set of transforming commands. Some examples include: getting a daily count of error events, counting the number of times a specific user has logged in, or calculating the 95th percentile of field values.
See other search topics in this manual, and About Splunk Light Search and Reporting Examples and Scenarios in Search and Reporting Examples.
Reports are created when you save a search for later reuse. You can save reports with data visualizations, such as charts and tables.
Once you create a report, you can:
- Add the report to a dashboard panel.
- Share the report with others by changing its permissions.
- Set the report to run on a schedule and trigger an alert action.
- Print or generate a PDF of the report.
Configure an add-on to add data in Splunk Light
Manage the search experience in Splunk Light
This documentation applies to the following versions of Splunk® Light: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.1612 (cloud service only), 6.6.0, 6.6.1, 6.6.2, 6.6.3, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.3.0, 7.3.1, 7.3.2