Chapter 2. Understanding Search

To successfully use Splunk, it is vital that you write effective searches. Using the index efficiently will make your initial discoveries faster, and the reports you create will run faster for you and for others. In this chapter, we will cover the following topics:

How to write effective searches
How to search using fields
Understanding time
Saving and sharing searches

Using search terms effectively

The key to creating an effective search is to take advantage of the index. The Splunk index is effectively a huge word index, sliced by time. The single most important factor for the performance of your searches is how many events are pulled from the disk. The following few key points should be committed to memory:

Search terms ...

Get Implementing Splunk - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk - Second Edition by Vincent Bumgarner, James D Miller

Chapter 2. Understanding Search

Using search terms effectively

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly