• About this manual
  • What's in this guide?
• About Splunk
  • About Splunk
  • About Splunk licenses
    • Which license?
    • Install your license
    • License violations
• Tutorial
  • Introduction to Splunk
    • Requirements
    • Log in
    • Splunk Web
    • Command line interface (CLI)
  • Simple searches
    • Index data
    • Search
    • Narrow your search
    • Use the timeline
  • Search results
    • Events and fields
    • Filter on fields
    • Define custom fields
    • Tag fields
    • Collect snapshots
  • Event types
    • Find similar events
    • Save as event type
    • Search for an event type
    • Tag an event type
    • Automated event type discovery
  • Save options
    • Save a search
    • Schedule the search
    • Manage saved searches
  • Reports
    • Report on results
    • Report on fields
    • Build new reports
    • Pick different charts
    • Add a report to your dashboard
  • More searches
    • Report
    • Transform
    • Re-order
    • Filter
    • Evaluate
    • Add a comparison
    • Use subsearches
  • CLI searches
• Use the Splunk Command Line Interface (CLI)
  • Use the Splunk CLI
    • Access help in the CLI
    • CLI commands
  • Search in the CLI
    • CLI Search syntax
    • Asynchronous searches (dispatch CLI command)
    • The maxresults search parameter
• Use form search
  • Use form search
    • Run a form search
• Use Live Tail
  • Use Live Tail
    • Use Live Tail in Splunk Web
    • The Live Tail interface
    • Start Live Tail from the Splunk CLI
    • Current limitations
• Use transaction search
  • Use transaction search
    • Useful transactions
    • The transaction command
    • Example transaction searches
    • Transactions and macro search
    • When to not use transactions
• Use tagging
  • Use tagging
    • Tag fields
    • Tag hosts or sources
    • Tag event types
    • Search for tags
    • Configure roles for tagging
• Use reporting
  • Report gallery
    • Column (or bar) chart
    • Stacked column (or bar) chart
    • Line chart
    • Area chart
    • Stacked area chart
    • Scatter plot
    • Pie graph
    • Doughnut graph
    • Bubble graph
    • Heat map
  • Examples of useful reports
    • Internal Splunk log data
    • System monitoring data
    • Web access data
    • Firewall (or connection) activity
    • Email activity or email transactions
• Search reference
  • Search
    • Generate search results
    • Construct searches
    • Form searches
    • Macro searches
    • Transaction searches
    • Live Tail
    • Tune search performance
  • Search syntax
    • Keyword search
    • Literals
    • Wildcards
    • Punctuation marks
    • Boolean operators
    • Comparison operators
    • Modifiers
    • Fields
  • Search pipeline syntax
    • Search pipeline syntax
    • Subsearch syntax
• Field reference
  • Fields
    • Use fields in Splunk Web
    • Field syntax
    • Field naming
    • Multi-value fields
  • Field list
    • _index
    • _raw
    • _time
    • date_hour
    • date_mday
    • date_minute
    • date_month
    • date_second
    • date_wday
    • date_year
    • date_zone
    • eventtype
    • host
    • linecount
    • punct
    • source
    • sourcetype
    • timestamp
• Modifier reference
  • Modifiers
    • Modifier syntax
    • Modifier precedence
  • Search modifiers
    • eventtypetag
    • hosttag
    • savedsearch
    • tag
  • Time modifiers
    • daysago
    • enddaysago
    • endhoursago
    • endminutesago
    • endmonthsago
    • endtime
    • hoursago
    • minutesago
    • monthsago
    • searchtimespandays
    • searchtimespanhours
    • searchtimespanminutes
    • searchtimespanmonths
    • startdaysago
    • starthoursago
    • startminutesago
    • startmonthsago
    • starttime
    • starttimeeu
    • timeformat
• Search command reference
  • Search commands
    • Commands that support multi-value fields
    • Conventions used in the search reference
  • Data-generating commands
    • file
    • savedsearch
    • search
  • Filtering and re-ordering commands
    • dedup
    • head
    • localize
    • regex
    • reverse
    • set
    • sort
    • tail
    • where
  • Transforming and reporting commands
    • associate
    • chart
    • cluster
    • contingency
    • correlate
    • diff
    • format
    • highlight
    • rare
    • select
    • stats
    • strcat
    • timechart
    • top
    • transaction
    • typelearner
    • xmlunescape
  • Evaluating commands
    • abstract
    • addtotals
    • anomalousvalue
    • bucket
    • convert
    • eval
    • fields
    • fillnull
    • kmeans
    • outlier
    • rename
    • replace
  • Extracting commands
    • extract
    • iplocation
    • multikv
    • rex
    • typer
    • xmlkv
  • Administrative commands
    • admin
    • audit
    • run

User Manual

Choose an item on the left under "Contents"