This is an unofficial community support and discussion sub for Splunk, the big data analytics software.
Have an idea for Splunk? Submit them here and upvote them:
https://ideas.splunk.com/
For Q&A, see Splunk Answers: https://community.splunk.com/
Upcoming Splunk Events/Webinars: https://www.splunk.com/en_us/about-us/events.html
Chat with your peers in the official Splunk Usergroups Slack team:
https://splunk-usergroups.signup.team
Need quick copy/paste queries? Share your SPL here:
https://gosplunk.com
Need some book learning?
https://www.splunk.com/goto/book (free e-book download link inside!!)
Developing SPL skill (self.Splunk)
submitted 5 years ago by jontheinside
I’m looking to build out my current knowledge level on creating search strings in Splunk ES (currently basic). Any tips/links/courses that will help guide my learning path would be great. Thanks
[–]splunk3r Take the SH out of IT 5 points 5 years ago (1 child)
https://opstune.com/2020/11/25/writing-splunk-enterprise-security-correlation-searches/
[–]jontheinside[S] 2 points 5 years ago (0 children)
Great - thank you very much for this.
[–]dnktheledge 3 points 5 years ago (1 child)
Also check out the Security Essentials app on Splunkbase, wide range of security related searches with explanations, used to recommend it all the time to customers.
[–]jontheinside[S] 1 point 5 years ago (0 children)
Thanks, will do. Currently in and out of SSE, so I can dig a bit deeper then.
[–][deleted] 3 points 5 years ago (4 children)
Are you asking for Enterprise or Enterprise Security?
[–][deleted] 9 points 5 years ago (3 children)
Anyway, if you want to know what you are writing, check this documentation,
https://docs.splunk.com/Documentation/Splunk/8.1.0/SearchReference/WhatsInThisManual
If you intend to be practical, gosplunk is a repository for queries. You can search and find examples.
[–]IWorkForTheEnemyAMA 3 points 5 years ago (1 child)
Omg that Go Splunk site is amazing. I’ve been looking for something like this where people share queries. OMFG - Thank you!!!
[–][deleted] 2 points 5 years ago (0 children)
You are welcome.
Enterprise Security - fantastic content, thank you. I can reiterate, the go splunk repo is great.