Splunk is% said to be the Google of machine data. So, searching is the most important set of actions that is performed to retrieve the exact information the user is looking for from the indexes. You will now learn how to make efficient use of search %commands to fetch the relevant and required information precisely from the whole set of data.

The search command

The% search command% is used to search events and filter the result from the indexes. The search command, followed by keywords, phrases, regular expressions, wildcards, and key-value pairs, can be used to fetch filtered events from the indexes.

Mentioned as follows is the syntax for a search command instance:

    <key_value_pairs> or <fields>
 <operators> ...

Get Splunk: Enterprise Operational Intelligence Delivered now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.