Search Library Overview

Search Library

Splunk Processing Language, or SPL, is what is used to query the data that Splunk has ingested. SPL is complex and can be a challenge for many customers trying to adopt Splunk. Search Library is a collaboration tool that allows Splunk users to take advantage of an extensive library of optimized searches that come with the App as well as manage their own searches. Search Library comes with 80+ powerful searches that work with CIM compliant data and API calls to enable teams to get value out of Splunk quickly. Each search comes with a description and an explanation to further elaborate what the search achieves. Users and Admins can also add their own searches to the library, to share searches that are relevant for their own use cases and assist new users in interacting with their data.

Search Library Capabilities

• Includes 80+ pre-built searches with defined explanations and descriptions, to enable users to quickly find outcomes from their Splunk instance

• Provides the ability to inventory, categorize, share, and launch Searches within Splunk Enterprise

• Integrated workflow for Admins to review submissions before being added to the Search Library

• Sort and search items in Search Library by Data Model, Source Type, Tags, and other relevant metadata flags

• Search Activity Report that identifies recent searches which enables quickly adding already executed searches to Search Library