Search

Splunk is said to be the Google of machine data. So, searching is the most important set of actions that is performed to retrieve the exact information the user is looking for from the indexes. You will now learn how to make efficient use of search commands to fetch the relevant and required information precisely from the whole set of data.

The search command

The search command is used to search events and filter the result from the indexes. The search command, followed by keywords, phrases, regular expressions, wildcards, and key-value pairs, can be used to fetch filtered events from the indexes.

Mentioned as follows is the syntax for a search command instance:

<keywords>
    <wildcards>
    <key_value_pairs> or <fields>
    <phrases>
 <operators> ...

Get Advanced Splunk now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Advanced Splunk by Ashish Kumar Tulsiram Yadav

Search

The search command

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly