Splunk is a powerful platform used for searching, monitoring, and analyzing machine-generated big data via a web-style interface. It helps you visualize and make sense of data from various sources such as application logs, system metrics, and network traffic.

• Open your web browser and go to the Splunk URL provided by your organization (e.g., https://splunk.backyardbandwidth.com:8000).
• Enter your username and password that was provided to you at time of purchase.
• Click on Login to access the Splunk dashboard.

Ingestion in Splunk means collecting and storing data from different sources, like application logs or network traffic, into the Splunk index for searching and analysis.

• Data is broken down into events and stored in indexes for efficient searching.
• Only data that is ingested can be searched or visualized in Splunk.

• Go to the Search & Reporting app from the main dashboard.
• In the search bar, type the query to find the data you need, such as:

  index=[PROVIDED INDEX NAME] [SEARCH QUERY]

  for example searching through index abc for the query "application":

  index=abc application

• To search within a time range, use the time picker on the top right corner.
• Use filters and fields to refine your search results.

• Splunk ingests data based on the sources configured by the administrator.
• As a user, you can limit search results to a specific amount using:

  index=main | head 100

• This command shows the first 100 events matching the search criteria.

• From the Search & Reporting app, run your search query.
• Click on "Save As" and select "Dashboard Panel."
• Provide a title and description, then choose an existing dashboard or create a new one.
• Click on "Save" to add the visualization to your dashboard.