Splunk - Basic Search

Splunk has a robust search capability that lets you search the entire data set that has been ingested. This feature is accessed through the app named Search & Reporting, which appears in the left sidebar after logging in to the web interface.


On clicking the Search & Reporting app, we are presented with a search box, where we can start searching the log data that we uploaded in the previous chapter.

We type the host name in the format shown below and click the search icon in the rightmost corner. This gives us the result with the search term highlighted.


Combining Search Terms

We can combine search terms by writing them one after another, enclosing each user-supplied search string in double quotes.


Using Wildcards

We can use wildcards in our search, combined with the AND/OR operators. In the search below, we get the lines of the log file that contain a term starting with fail (fail, failed, failure, etc.) along with the term password on the same line.


Refining Search Results

We can further refine the search result by selecting a string in the result and adding it to the search. In the example below, we click on the string 3351 and select the option Add to Search.

After 3351 is added to the search terms, we get the result below, which shows only those lines from the log that contain 3351. Also note how the timeline of the search result has changed now that the search has been refined.
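As an added example that is not part of the original page, the following Python models the search behaviour described in the three sections above (implicit AND between adjacent terms, quoted phrases, a trailing * wildcard, OR evaluated before AND, case-insensitive terms) over constructed sshd-style log lines, so the effect of refining `fail* password` with `3351` can be seen without a Splunk instance. It is a simplified stand-in for Splunk's matching, not Splunk code; NOT and parentheses are not modelled, and the sample lines are constructed.

```python
import fnmatch
import re

# Constructed sshd-style sample lines (not from the original page); pid 3351 appears twice on purpose.
SAMPLE_LOGS = [
    "Mar 10 10:01:02 host1 sshd[3351]: Failed password for root from 10.0.0.5 port 5123 ssh2",
    "Mar 10 10:01:05 host1 sshd[3352]: Failed password for invalid user admin from 10.0.0.5 port 5124 ssh2",
    "Mar 10 10:02:10 host1 sshd[4420]: Accepted password for alice from 10.0.0.7 port 5200 ssh2",
    "Mar 10 10:03:30 host1 sshd[4421]: authentication failure; logname= uid=0 euid=0 tty=ssh rhost=10.0.0.9",
    "Mar 10 10:04:00 host1 cron[3351]: (root) CMD (run-parts /etc/cron.hourly)",
]

def _tokens(line):
    # Rough stand-in for Splunk's term breaking: alphanumeric runs, lowercased (term search is case-insensitive).
    return re.findall(r"[A-Za-z0-9_.]+", line.lower())

def _term_matches(term, line):
    """One search term: a quoted phrase is a substring match, a bare term (with optional *) matches a token."""
    if len(term) >= 2 and term.startswith('"') and term.endswith('"'):
        return term[1:-1].lower() in line.lower()
    return any(fnmatch.fnmatchcase(tok, term.lower()) for tok in _tokens(line))

def matches(query, line):
    """Adjacent terms are ANDed (explicit AND is the same); OR is evaluated before AND, as in Splunk.
    NOT and parentheses are deliberately not modelled here."""
    parts = re.findall(r'"[^"]*"|\S+', query)
    clauses, current, pending_or = [], [], False   # clauses: list of OR-groups, all of which must match
    for part in parts:
        if part.upper() == "AND":
            continue
        if part.upper() == "OR":
            pending_or = True
            continue
        if pending_or and current:
            current.append(part)                    # extend the current OR-group
        else:
            if current:
                clauses.append(current)
            current = [part]                        # start a new AND clause
        pending_or = False
    if current:
        clauses.append(current)
    return all(any(_term_matches(t, line) for t in group) for group in clauses)

def search(query, lines=SAMPLE_LOGS):
    """Return the sample lines matching the query, e.g. search('fail* password') then search('fail* password 3351')."""
    return [line for line in lines if matches(query, line)]
```

Running `search("fail* password")` returns the two failed-login lines, and adding `3351` narrows that to the single line with pid 3351, mirroring the Add to Search refinement above.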
