Find something in Splunk
So how do we run a search?
First, open "Datasets" and click "Table View". This lists the data repositories (indexes) that Splunk holds. Then return to the Search page.
Choose the one you need and enter the following in the search bar:
index=<your repository>
You can also use * as a wildcard to match index names that share a prefix.
For example:
index="abc*"
If you want to filter within a search, you need to find a usable field in the event.
Example event:
{ [-]
Tenant: DefaultTenant
category: AdvancedHunting-AlertEvidence
operationName: Publish
properties: { [+]
}
tenantId: abc123xxx
time: 2023-10-30T02:11:42.2937933Z
}
If you want to find events whose category is AdvancedHunting-AlertEvidence, add a space followed by category="AdvancedHunting-AlertEvidence":
index="abc*" category="AdvancedHunting-AlertEvidence"
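As an added example that is not part of the original note, the search below builds on the query above: it keeps the index wildcard and the category filter, extracts the fields inside the collapsed properties object with spath (Splunk often auto-extracts them already, in which case spath is harmless), renames them to drop the properties. prefix, and then summarises the matching alert-evidence events per tenant and operation. The index name abc*, the 24-hour window and the output field names are assumptions for this example.

```spl
index="abc*" category="AdvancedHunting-AlertEvidence" earliest=-24h
| spath
| rename properties.* AS *
| stats count AS events, min(_time) AS first_seen, max(_time) AS last_seen BY Tenant, operationName
| convert ctime(first_seen) ctime(last_seen)
| sort - events
```

Run the query with `| table _time Tenant operationName *` in place of the stats line first to see which fields spath pulled out of properties, then filter on those fields the same way as category above.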