
The Yoda Analogy

After demonstrating the features and capabilities of Splunk to numerous clients over the past couple of years, I find that people still perceive it to be a very disruptive technology. So much so that it is still difficult for some to truly understand the magic of Splunk.

They ask me, “How is it that I can feed Splunk any kind of IT data I want (log files, SNMP traps, alerts, configuration files, XML, whatever) and know it will be indexed correctly?”

The answer is one of the most powerful features of Splunk, called Universal Indexing, and, hopefully, by the time you finish reading this article you will have a better understanding of what that is and why it’s so powerful.

To start down that path to understanding, I would like you to think about Yoda.

Yeah, that’s right, Yoda from the Star Wars movies. You know, he’s that short funny-looking wrinkly green muppet character that speaks in a severely mixed-up manner. Remember him now?

Now what does Yoda have to do with Universal Indexing, you ask? Well, it’s not so much about Yoda, really, as it is about how Yoda talks.

Splunk is _piping_ hot!

That’s right! It’s “on fire” folks! Hotter than the sun! Burning its way into the thoughts and minds and data centers across the world.

Unfortunately, what I wanted to talk about today is not how hot Splunk is, but rather a very special and sometimes misunderstood character called “the pipe”. For most of us tech geek types, the pipe is our friend. We use it all the time at the command line to make efficient use of our tools and our time. For non-techie folks it may be a more mysterious or intimidating concept, so I felt it might be a good topic to discuss and demonstrate just what it is and how to use it in the Splunk search box.

Also known as the vertical bar character, the pipe (|) allows you to create simple yet powerful ad-hoc Splunk searches. You might think of it as if it were an actual pipe where things flow into one end and then flow back out the opposite end. Within the context of Splunk searches, the “things” that flow in and out of the pipe are your IT events.
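To make that flow concrete, here is an added example of a piped Splunk search. It is not from the original post; it is one a security engineer might type to find which Splunk components are logging the most errors. It runs against the `_internal` index that every Splunk instance keeps of its own `splunkd` logs, and it assumes the `log_level` and `component` fields are extracted from those logs, as they normally are.

```spl
index=_internal sourcetype=splunkd log_level=ERROR earliest=-24h
| stats count AS errors BY component
| where errors > 10
| sort -errors
| head 5
```

Read it left to right as events moving through a pipe. The first line, with no pipe in front of it, is the search itself: it pulls the raw `splunkd` error events from the last 24 hours out of the index. Everything after that is a command that takes the events flowing out of the previous stage and sends something new down the pipe: `stats` collapses the events into one row per `component` with an `errors` count, `where` discards rows with ten or fewer errors, `sort -errors` orders what is left from most to least, and `head 5` keeps only the top five rows. The same shape (search, then `stats count BY <field>`, then `where`, `sort` and `head`) is how you would count failed logins per source address or DNS lookups per host; only the leading search and the field name in `BY` change.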