Splunk

Overview

Splunk is a powerful data platform that collects, indexes, searches, and analyzes machine-generated data (logs, metrics, events) from IT systems, applications, and networks, turning it into real-time operational intelligence. It helps organizations gain visibility, detect threats, troubleshoot problems, monitor performance, and automate tasks through customizable dashboards, alerts, and reports, making complex data actionable.

Splunk Search Processing Language (SPL)

Field values are not case sensitive, field names are case sensitive.

Fields

Internal fields

Field

Description

_raw

original raw event data

can be filtered using regex and sort

_time

shows an event's timestamp in UNIX time

Operators

Search Primers

Commands

Transformer Commands

Stats

Stats functions are case sensitive and must be lowercase.

Subsearch

Tips

Sort Order

Macros

Event Order Functions

PreviousSQLi Nextnmap

Last updated 1 month ago

hashtagOverview

hashtagSplunk Search Processing Language (SPL)

hashtagFields

hashtagInternal fields

hashtagOperators

hashtagSearch Primers

hashtagCommands

hashtagTransformer Commands

hashtagStats

hashtagSubsearch

hashtagTips

hashtagSort Order

hashtagMacros

hashtagEvent Order Functions