Splunk - Basic Search
Splunk has robust search functionality which enables you to search the entire data set that has been ingested. This feature is accessed through the app named Search & Reporting, which can be seen in the left sidebar after logging in to the web interface.
On clicking the Search & Reporting app, we are presented with a search box, where we can start our search on the log data that we uploaded in the previous chapter.
We type the host name in the format shown below and click on the search icon in the rightmost corner. This gives us the result with the search term highlighted.
Combining Search Terms
We can combine the terms used for searching by writing them one after another, putting each user-supplied search string in double quotes.
Using Wildcards
We can use wildcards in our search terms combined with the AND/OR operators. In the below search, we get the results where the log file has terms such as fail, failed, failure, etc., along with the term password on the same line.
Refining Search Results
We can further refine the search result by selecting a string and adding it to the search. In the below example, we click on the string 3351 and select the option Add to Search.
After 3351 is added to the search term, we get the below result, which shows only those lines from the log containing 3351 in them. Also note how the timeline of the search result has changed as we have refined the search.
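To make the term-matching behaviour of the searches above concrete, here is an added Python model of how Splunk-style terms are matched against raw log lines; it is not Splunk's own code, the log lines are constructed, and the OR-before-AND precedence is my reading of Splunk's documented evaluation order. It covers the three cases in this chapter: quoted strings, wildcard terms with AND/OR, and refining a search by adding the term 3351.

```python
import fnmatch
import re

# Constructed sample log lines (not from the original page).
SAMPLE_LOG = [
    "Jan 10 10:01:12 web01 sshd[3351]: Failed password for root from 10.0.0.5 port 5422 ssh2",
    "Jan 10 10:01:15 web01 sshd[3360]: Failed password for admin from 10.0.0.5 port 5423 ssh2",
    "Jan 10 10:02:01 web01 sshd[4102]: Accepted password for alice from 10.0.0.7 port 5510 ssh2",
    "Jan 10 10:02:44 web02 sshd[4177]: authentication failure; logname= uid=0 user=bob",
    "Jan 10 10:03:09 web01 cron[4201]: (root) CMD (run-parts /etc/cron.hourly)",
]

# A query token is either a double-quoted phrase or a run of non-space characters.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

def term_matches(term, line):
    """Match one search term against a log line, case-insensitively.
    A quoted phrase matches as a substring; a bare term (which may contain
    * wildcards) must match a whole token, so 'fail*' hits 'failed' and
    'failure' but 'pass' does not hit 'password'."""
    lowered = line.lower()
    if term.startswith('"') and term.endswith('"'):
        return term[1:-1].lower() in lowered
    tokens = re.findall(r"[a-z0-9_.-]+", lowered)  # 'sshd[3351]:' yields 'sshd' and '3351'
    return any(fnmatch.fnmatchcase(tok, term.lower()) for tok in tokens)

def parse_query(query):
    """Split a search string into AND-ed clauses, each a list of OR-ed terms.
    Assumption: OR binds tighter than AND, as in Splunk's documented order,
    so 'fail* OR denied password' reads as '(fail* OR denied) AND password'."""
    clauses, pending_or = [], False
    for tok in TOKEN_RE.findall(query):
        if tok.upper() == "AND":        # AND is implicit between terms
            continue
        if tok.upper() == "OR":
            pending_or = True
            continue
        if pending_or and clauses:
            clauses[-1].append(tok)     # join the previous clause
            pending_or = False
        else:
            clauses.append([tok])
    return clauses

def search(lines, query):
    """Return the log lines for which every clause has at least one matching term."""
    clauses = parse_query(query)
    return [ln for ln in lines
            if all(any(term_matches(t, ln) for t in c) for c in clauses)]
```

Running `search(SAMPLE_LOG, "fail* AND password")` returns the two "Failed password" lines, and refining with `search(SAMPLE_LOG, "fail* password 3351")` narrows that to the single line carrying 3351, mirroring the Add to Search step above.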