Splunk Search and Reporting

This course is intended to explain the basics of search and reporting. This will help you start with search and reporting.Also help you do understand the basics about the fields. You can create complex search queries by following the best practise.

By default, Splunk Enterprise provides the Search and Reporting app. This interface provides the core functionality of Splunk Enterprise. The Splunk Home page provides a view to the app when you first log into Splunk Web.

It has default app as search and reporting by which you interact with the data, and create reports, alerts, Dashboard etc.

Log processing is one of the core competencies of Splunk. It stores all your logs and provides very fast search capabilities roughly in the same way Google does for the internet device log files.

The Search Processing Language (SPL) for Splunk is an extremely powerful tool for extracting meaning out of vast amounts of data and performing statistical operations on what is relevant in a specific context.

Splunk indexes any kind of machine data that can be represented as text and there is no need to define tables and fields before you can store data. Splunk does not have a fixed schema. In fact, it performs field extraction at search time. This aspect allows for great flexibility.

It does not reduce the granularity of older events, compressing many data points into one because of capacity limits. It can seamlessly index hundreds of terabytes per day and keep practically unlimited amounts of data.

Splunk dashboards allow you to monitor all of your systems at once, so when a problem occurs you can start looking for a solution even before the problem starts bothering the system, or even better, its dashboard allows to clearly look for signs of a possibly arising problem.