Did you know you can do crazy useful things with Splunk’s search search language? Sort, use fields, apply wildcards – but even better, it allows you to drill-down into the results using Splunk’s Search interface timeline. This session will show some concrete examples of how to use Splunk with web access and other types of commonly-used data so you can craft simple but powerful searches based on what’s interesting in your data. Learn the basics of the Splunk search language in this beginner class, then move on to the Intermediate and Advanced classes to become a real pro.

1. Search Language - Beginner Dan Plaza, Sr. Instructor

4. Getting started

5. Launching the Search App

6. Summary View current view global stats menus and action links time range picker data sources do it search box

7. Basic Searching

9. Search Results timeline field picker timestamp event data Highlighted search terms

13. Navigating Through Results

14. Navigating Search Results – click Click a term in the events to add it to the search

15. Navigating Results – Alt+Click alt+click a term in the events to remove events with that term from the results

16. Navigating Results – Timeline Click a bar in the timeline to drill-down to events that occurred in that time period

17. Navigating Results – Timeline (cont.) Select all returns to the original timeframe You can also zoom in / zoom out to narrow or broaden the timerange

19. Using Fields

22. Use the Field Picker remove events from results that don’t have the field create reports click on a value to add to the search ALT + click on a value to remove from a search

24. Quick Reporting Click to generate a quick report

25. Saving Searches

29. August 15, 2011 Questions? Dan Plaza, Senior Instructor