Splunk Search Tips Cheatsheet

Searching in Splunk gets much easier once you know the most commonly used commands and a few tips. This Splunk cheatsheet is handy for daily operations or while troubleshooting a problem. Type these commands in the Splunk search bar to see the results you need.

  1. List all the index names in your Splunk instance
  2. List all hosts that are logging to a particular index. In this example, we use apachelog as the index.
  3. List all hosts that log to an index, with the event count per host. You can change the keyword “host” to “ip”, based on your need.
  4. Sort by a field in the event output log
  5. Print the output event log in reverse order (ascending order based on time)
  6. Print only the first 10 results from the event log
  7. Return only the last 10 results from the event log
  8. How to search for a pattern across multiple Splunk indexes in a single query. Examples:
  9. How to search for a pattern and sort by count. This query sorts the results on the output field “count”.
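
Added example, not from the original page: one search per distinct entry in the list above, in the same order (index listing, hosts in an index, event count per host, sort, reverse, first 10, last 10, multi-index search, count and sort). It reuses the page's apachelog index; the second index `main` and the search term "error" are assumed values, and `eventcount` is only one of several ways to list indexes.

```spl
| eventcount summarize=false index=* | dedup index | fields index

| metadata type=hosts index=apachelog | table host

index=apachelog | stats count by host

index=apachelog | sort host

index=apachelog | reverse

index=apachelog | head 10

index=apachelog | tail 10

(index=apachelog OR index=main) "error"

index=apachelog "error" | stats count by host | sort - count
```

Run each search on its own with an explicit time range. `sort` keeps only the first 10,000 results by default, so use `sort 0 host` when a complete ordering matters.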