Splunk search uses a powerful query language. Begin with simple filtering by learning how to use the keywords "AND" and "OR".
- [Instructor] The Splunk Search feature can do a lot more than just matching keywords. Let's try some simple filtering using some of Splunk's special search syntax. First, we'll head over to the Search & Reporting app. Let's search again for boot and I'll hit enter. You can see we've got 22 events. You'll start with the AND keyword. AND lets you filter results down to more than a single keyword or a filter condition. For example, we could type boot AND shutdown and it will filter our results down to a specific message from systemd.
Here it is. Started Update UTMP. You can see this message has both the word boot and shutdown in it and can be very useful for simple text searches like this, especially with particularly noisy results, but what if you have the opposite problem? Rather than trying to narrow the search down, you want to widen it. This is where the OR keyword comes in. AND tells Splunk that you want results that include both search terms. OR will include results that have either term.
So, if we wanna expand our search…
- Installing Splunk
- Filtering search data
- Advanced search syntax
- Creating reports and dashboards
- Creating alerts and actions
- Configuring remote data and multiple data streams
Skill Level Beginner