Chapter 2. Understanding Search

To successfully use Splunk, it is vital that you write effective searches. Using the index efficiently will make your initial discoveries faster, and the reports you create will run faster for you and others. In this chapter, we will cover:

How to write effective searches
How to search using fields
Understanding time
Saving and sharing searches

Using search terms effectively

The key to creating an effective search is to take advantage of the index. Splunk's index is effectively a huge word index, sliced by time. The single most important factor for the performance of your searches is how many events are pulled from disk. The following few key points should be committed to memory:

Search terms are case insensitive: Searches ...

Get Implementing Splunk: Big Data Reporting and Development for Operational Intelligence now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

Chapter 2. Understanding Search

Using search terms effectively

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly