The Search Cave • Room 3

🖥️ SPL Lab: Your First Search

Time to write your first SPL query! Below is a simulated Splunk search bar. Type in a search that retrieves web log events with a status code of 404.

Remember: start with the index, then filter by the field values you need.

Hint Format
index=<index_name> <field>=<value>
Field values are case-sensitive. Status codes are numeric, so no quotes are needed.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)
Write a search that finds all 404 errors in the web_logs index.