Searching in Splunk

When you are building search criteria, click a field and value in the search results to add them to the search.

 

Wildcard character

  • * (asterisk) one or multiple characters

Exact phrases

  • Use " (double quotes)

Search for quotes

  • \" (use backslash to escape quotes if you want to search for quotes)

Keywords in the search bar are case sensitive!

Boolean keywords are

  • AND (if omitted, it is implied)
  • OR
  • NOT

Order of boolean evaluation

  1. Inside parentheses ()
  2. NOT
  3. OR
  4. AND
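
This order differs from most programming languages, where AND binds tighter than OR, so a detection search can group differently than expected. The following added example (not from the original page or from Splunk) is a small Python model of the order listed above for field=value terms only; the function names and the sample events are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase
# Constructed sample events (not real log data).
EVENTS = [
    {"user": "admin", "action": "failure", "host": "web01"},
    {"user": "alice", "action": "lockout", "host": "web02"},
    {"user": "admin", "action": "success", "host": "db01"},
]

def matches(query, event):
    """Simplified model: field=value terms, evaluated (), NOT, OR, AND."""
    tokens = re.findall(r"\(|\)|[^\s()]+", query)
    pos = 0
    peek = lambda: tokens[pos] if pos < len(tokens) else None
    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def and_expr():  # evaluated last; the AND keyword may be omitted
        result = or_expr()
        while peek() not in (None, ")"):
            if peek() == "AND":
                take()
            result = or_expr() and result  # parse the right side first
        return result

    def or_expr():  # evaluated before AND
        result = not_expr()
        while peek() == "OR":
            take()
            result = not_expr() or result  # parse the right side first
        return result

    def not_expr():  # evaluated before OR
        if peek() == "NOT":
            take()
            return not not_expr()
        tok = take()
        if tok == "(":  # parentheses are evaluated first
            result = and_expr()
            take()  # consume ")"
            return result
        field, _, pattern = tok.partition("=")
        # "*" wildcard handled by fnmatch; the field must exist in the event
        return field in event and fnmatchcase(event[field], pattern)
    return and_expr()

def hits(query):
    return [i for i, e in enumerate(EVENTS) if matches(query, e)]
```

Here `hits("user=admin action=failure OR action=lockout")` returns `[0]`, because the OR is grouped before the implied AND, while `hits("(user=admin action=failure) OR action=lockout")` returns `[0, 1]`.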

Operators

  • =
  • !=
  • >
  • >=
  • <
  • <=