Launch search app

Now that we’ve added some data to Splunk, we can show you how to search the indexed events. This is done from the Search app. To launch it, click the Search & Reporting icon:

You should be greeted with the Search summary view:

The Search summary view consists of the following elements:

  • App bar – enables you to navigate between the different views in the Search & Reporting app: Search, Pivot, Reports, Alerts, and Dashboards.
  • Search bar – used to execute your searches.
  • Time range picker – used to select a specific time period that will be searched.
  • How to search panel – contains links to the Search Tutorial and Search Manual.
  • What to search panel – displays a summary of the data that is installed on this Splunk instance.
  • Search history – displays your search history.

To run a search, enter the search string in the search bar and press Enter or click the spyglass icon to the right of the time range picker. We will describe the process of searching in the next chapters.

Geek University 2021