Database Reference
In-Depth Information
Chapter 2. An Introduction to Indexing
and Searching
In the previous chapter, we showed you how to bring in data from different sources and in-
dex it. Data must be turned into information and made relevant before we can use it suc-
cessfully, as raw data in files or streams won't help us answer the questions that arise while
analyzing the data for our businesses or organizations. We need to collect the data that we
are interested in before we can analyze it. And this is where Splunk's capabilities shine.
In this chapter, we will cover these important next steps for using Splunk:
• Collecting data to search
• How Splunk indexes data
• Using indexed data
• Specifying a sourcetype
• SPL and what it is
• How to perform your own simple search
