Understanding Search

To successfully use Splunk, it is vital that you write effective searches. Using the index efficiently will make your initial discoveries faster, and the reports you create will run faster for you and for others. In this chapter, we will cover the following topics:

• How to write effective searches
• How to search using fields
• Understanding time
• Saving and sharing searches
• Event annotation