This is not current Splunk documentation.
Splunk 3.4.2 is the latest version. Only use this page with older Splunk 2.0.x.
« Previous  |   Table of Contents   |   Next »

Splunk User Manual (Splunk v2.0)

Tutorial

The Splunk Box

At the top of the Splunk interface is a box that looks like any Web search engine. We call it the Splunk box.

Use Splunk the same way you do Web search engines. Don't try to devise the perfect command or query the first time. Instead, start with your best instant guess, then refine your search.

Below is a simple example.

Below is an overly complicated example that shows off Splunk's search syntax.

Syntax

See the reference sections on Splunk box syntax and Splunk modifiers for complete lists of the supported syntax, operators and modifiers you can use to Splunk constructively.

Cheat Sheet

Click on "Cheat Sheet" in the upper right corner of Splunk's interface to pop up a one-page guide to Splunk's command syntax.

« Previous  |   Table of Contents   |   Next »

Comments

No comments have been submitted.

close

Flash required to play this video.

Click here to download the free Flash Player.

Description:

Permalink: