I was originally going to title this, “So a guy walks into a search engine and…” but decided on a more boring title that was a bit more descriptive and easier to find. I’ll save that for another post.
Yesterday (August 18, 2010), I was on the phone with some folks evaluating Splunk and they asked me a ton of questions. Many of them were about architecture, but some were about search. They asked “how do I make Splunk look a bit more like the Windows Event Viewer?”, “how do I do alerts in a smarter way?”, and “are there ways to make search faster and more efficient?” Verbally, I gave them some hints and said “I’ll send you some screenshots”. Well, you know Wilde (if you don’t, he’s the Splunk Ninja guy who likes to make videos)–screenshots just won’t do for this one.
Tips and Tricks: Search, UI, Filtering and Alerting.
It’s a good video for beginners that will show you how to do basic search, but it quickly gets into how fields, event display, filtering, slightly advanced search and alerting work. Even if you have used Splunk for a while, there might be a few things you will learn from this. If you are new to Splunk, do watch this–it will shorten your learning curve.
Fullscreen the video. It will look much better as Splunk has a large web UI.
For those who might have a flash blocker installed preventing the player from loading in your browser (as the movie is right under this message), here is a link to the movie.