Write your own search language

Splunk provides many powerful search commands, such as sort, fields and transaction, but better still, it lets you extend the search language any way you want by writing your own search commands.

I’ll show you how to write your own search command.
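
As an added illustration of what such a command looks like (this is example code written for this page, not Splunk's own code or a command that ships with the product), here is a small Python search command that computes the Shannon entropy of one field per event and attaches it as a new field, a cheap heuristic for spotting algorithmically generated hostnames in DNS logs. The file name `entropy.py`, the field name `query`, the sample events and the commands.conf stanza in the note that follows are all assumptions made for the example; the `splunk.Intersplunk` calls are the classic scripted-command interface, imported only when Splunk actually runs the script so the functions can be exercised anywhere.

```python
"""entropy.py: an example Splunk custom search command (added illustration, not Splunk's code).

Once registered in commands.conf (assumed stanza: [entropy] with filename = entropy.py),
it is used like any built-in command:

    index=dns | entropy query | where entropy > 3.5
"""
import math
import sys
from collections import Counter


def shannon_entropy(value):
    """Bits of entropy per character of `value` (0.0 for an empty string or a single symbol)."""
    if not value:
        return 0.0
    counts = Counter(value)
    length = len(value)
    entropy = 0.0
    for n in counts.values():
        p = n / length
        entropy -= p * math.log2(p)
    return entropy


def add_entropy(results, field, out_field="entropy"):
    """Annotate each event dict in `results` with the entropy of `field`.

    Events that lack the field (or carry an empty value) pass through untouched,
    so the command never drops data it does not understand. Field values are
    treated purely as data: nothing is interpolated into a shell or a search.
    """
    for event in results:
        value = event.get(field)
        if value is None or value == "":
            continue
        event[out_field] = round(shannon_entropy(str(value)), 4)
    return results


# Constructed sample events standing in for what Splunk would hand the script
# (a DNS resolver log with the queried name already extracted into "query").
SAMPLE_EVENTS = [
    {"_raw": "client 10.0.0.5#53412: query: www.example.com IN A", "query": "www.example.com"},
    {"_raw": "client 10.0.0.5#53412: query: x7q9zk3p1w.example.com IN A", "query": "x7q9zk3p1w.example.com"},
    {"_raw": "client 10.0.0.5#53412: notify: zone example.com", "src": "10.0.0.5"},  # no "query" field
]


def main():
    """Entry point when Splunk invokes the script: read events from stdin, write them back."""
    # splunk.Intersplunk only exists inside a Splunk install, so it is imported
    # here rather than at module level; the helpers above stay importable anywhere.
    import splunk.Intersplunk as si

    # Assumed invocation syntax: `| entropy <fieldname>`; the field arrives in argv[1].
    if len(sys.argv) < 2:
        si.outputResults(si.generateErrorResults("Usage: entropy <field>"))
        return
    field = sys.argv[1]
    results, dummy_results, settings = si.getOrganizedResults()
    si.outputResults(add_entropy(results, field))


if __name__ == "__main__":
    main()
```

To wire it in, the script goes in your app's `bin/` directory and the (assumed) stanza `[entropy]` with `filename = entropy.py` goes in that app's commands.conf; after a restart the search `index=dns | entropy query | where entropy > 3.5` surfaces high-entropy names. Keep in mind that a custom command runs with the privileges of the Splunk process and on whatever the search feeds it, so treat every field value as untrusted data and never pass one to a shell or build another search from it.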

One Geek's Reasons for Splunk

I don't think our website makes it painfully clear why you'd want Splunk.
Here is my view of why you will want it.


What is Splunk?

    Splunk is a search server that indexes all your log files.

    If you need to search and troubleshoot log files, you need Splunk. It
    handles any log format, including syslog, Apache, JBoss, MySQL,
    Oracle, router data, etc. It parses and indexes in real time.

Grep works fine. Why do I need Splunk?

    grep is totally fine for small, simple, local files, but grep doesn't
    work on 20GB of log files across a dozen servers; doesn't group
    multiline log messages together; doesn't unify timestamps across
    files; doesn't automatically find related log events; doesn't show
    histograms of log events; doesn't search gigabytes in seconds; doesn't
    have a cool AJAX web interface similar to Google's.

What are multiline log messages?

    As an example, Java exceptions look like this: