splunk>enterprise
Administrator ▾Settings ▾
ES
Enterprise Security
Splunk App for Enterprise Security · v7.3.0
DAY 10 LAB · LAB 10 — FIVE BEGINNER QUERIES· week 2
Write 5 beginner SPL queries with stats, top, rare, where, sort.
- ›Open Search.
- ›Write each query, save as Report.
- ›Run with the time picker on last 24h.
Hint: Push filters into the base search — 10× faster than filtering after stats.
New Search
supported: search field=value (wildcards) · stats count by f1,f2 · where field op N · sort -field · top N field · head N · table f1 f2