Splunk Search Processing Language | TryHackMe Splunk: Exploring SPL
We covered an introduction to Splunk Search Processing Language (SPL) and discussed the basic commands and the various types of functions used in comparison, Boolean and logical operations. SPL is used to run commands and functions that extract useful insights from the logs ingested into the SIEM. These insights help security analysts and incident responders reconstruct what happened and the nature of the incident. This was part of the TryHackMe Splunk: Exploring SPL room.
Highlights
Splunk is a powerful SIEM solution that provides the ability to search and explore machine data. Search Processing Language (SPL) is used to make the search more effective. It comprises various functions and commands used together to form complex yet effective search queries to get optimized results.
Splunk Search Processing Language is the language used to perform search operations in Splunk. SPL, or Splunk Processing Language, consists of keywords, quoted phrases, Boolean expressions, wildcards, parameter/value pairs, and comparison expressions.
Unless you're joining two explicit Boolean expressions, omit the `AND` operator, because Splunk treats the space between any two search terms as an implicit `AND`.
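To make the search grammar above concrete, here is an added Python example (not code from TryHackMe or from Splunk) that evaluates a small subset of SPL search expressions over a handful of constructed SSH-style events. It implements the pieces the room lists: keywords, quoted phrases, field comparisons (`=`, `!=`, `<`, `<=`, `>`, `>=`) with `*` wildcards, and `AND`/`OR`/`NOT` with parentheses, using Splunk's precedence order (parentheses, then `NOT`, then `OR`, then `AND`) and treating whitespace between terms as an implicit `AND`. The event data, field names and the substring-based keyword match are simplifications assumed for the example; real Splunk matches keywords against indexed tokens.

```python
"""Toy evaluator for a subset of Splunk SPL search expressions (added example).

Keywords and quoted phrases match the raw event text; field=value uses
wildcard matching; <, <=, >, >= compare numerically when both sides parse
as numbers. Whitespace between terms is an implicit AND, and OR is
evaluated before AND, as in Splunk.
"""
import fnmatch
import re

# Constructed sample events (not real Splunk data): extracted fields plus
# the raw event text under "_raw".
EVENTS = [
    {"_raw": "Failed password for root from 10.0.0.5 port 22",
     "user": "root", "src": "10.0.0.5", "status": "failure", "count": 7},
    {"_raw": "Accepted password for alice from 10.0.0.9 port 22",
     "user": "alice", "src": "10.0.0.9", "status": "success", "count": 1},
    {"_raw": "Failed password for admin from 192.168.1.20 port 22",
     "user": "admin", "src": "192.168.1.20", "status": "failure", "count": 12},
]

# Tokens: parentheses, quoted phrases, or bare terms (optionally field="value").
TOKEN_RE = re.compile(r'\(|\)|"[^"]*"|[^\s()"]+(?:"[^"]*")?')
CMP_RE = re.compile(r'^([A-Za-z_][\w.]*)(!=|>=|<=|>|<|=)(.+)$')


def tokenize(query):
    return TOKEN_RE.findall(query)


def _unquote(s):
    return s[1:-1] if len(s) >= 2 and s[0] == s[-1] == '"' else s


def _compare(field, op, value, event):
    if field not in event:
        return False  # a comparison on a field the event lacks is false
    actual = event[field]
    if op in ("=", "!="):
        # '=' is a case-insensitive wildcard match, so src=10.0.0.* works
        hit = fnmatch.fnmatchcase(str(actual).lower(), value.lower())
        return hit if op == "=" else not hit
    try:
        a, b = float(actual), float(value)
    except ValueError:
        a, b = str(actual), value  # fall back to string ordering
    return {"<": a < b, "<=": a <= b, ">": a > b, ">=": a >= b}[op]


def _term(token):
    m = CMP_RE.match(token)
    if m:
        field, op, value = m.group(1), m.group(2), _unquote(m.group(3))
        return lambda ev: _compare(field, op, value, ev)
    phrase = _unquote(token).lower()  # keyword or quoted phrase
    return lambda ev: phrase in ev["_raw"].lower()


class Parser:
    """Recursive-descent parser producing a predicate over one event."""

    def __init__(self, query):
        self.toks = tokenize(query)
        self.i = 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.and_expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def and_expr(self):  # loosest binding; a bare space is an implicit AND
        left = self.or_expr()
        while self.peek() not in (None, ")"):
            if self.peek().upper() == "AND":
                self.take()  # explicit AND is optional
            right = self.or_expr()
            left = (lambda l, r: lambda ev: l(ev) and r(ev))(left, right)
        return left

    def or_expr(self):  # OR is evaluated before AND
        left = self.unary()
        while self.peek() is not None and self.peek().upper() == "OR":
            self.take()
            right = self.unary()
            left = (lambda l, r: lambda ev: l(ev) or r(ev))(left, right)
        return left

    def unary(self):  # NOT and parenthesised groups bind tightest
        tok = self.take()
        if tok is None:
            raise ValueError("unexpected end of query")
        if tok.upper() == "NOT":
            inner = self.unary()
            return lambda ev: not inner(ev)
        if tok == "(":
            inner = self.and_expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return inner
        return _term(tok)


def search(query, events=EVENTS):
    """Return the events matching an SPL-style search expression."""
    pred = Parser(query).parse()
    return [ev for ev in events if pred(ev)]


if __name__ == "__main__":
    for q in ("failed password", "user=root OR user=admin count>=10",
              "status=failure src=10.0.0.*", "NOT status=failure"):
        print(q, "->", [ev["user"] for ev in search(q)])
```

Note the precedence demonstration: `user=root OR user=admin count>=10` is evaluated as `(user=root OR user=admin) AND count>=10`, so only the `admin` event (count 12) matches; writing the implicit `AND` explicitly changes nothing.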