If you want to try sifting through the AOL data, install the latest Firefox browser or use Internet Explorer 6. Then go to splunkd.com and click on one of the sites on the "Mirror List." If you're behind a firewall, the URLs with numbers in them ("www.ocs.net:8000") might not work. Once you click, wait a minute for the Splunk interface to load itself into your browser. You should see a search box at the top and something like "36,389,577 events indexed" below it.
To search AOL records, type something into the search box. As you type, a panel will appear that lists the number of possible results for what you've typed so far, such as "slate (2766)." That's a good way to quickly see how many searches for a particular word are in AOL's logs.
After typing a word or two, click the ">" button at the right to run your search. The results page looks like a cross between Google and a nuclear reactor console—a hip, stylish Web 2.0 reactor, of course. For help with the interface, click on "Cheat Sheet" at the upper right. You can also pop open the Splunk Assistant in the lower right corner for as-you-go hints. If all else fails, read the manual. Yes, "Splunk" is a pun on "spelunking," as in data mining.
The format of each search log entry is: user number, search term, time stamp. If the user clicked on one of their search results, there are two more fields: the results rank and the URL of the link they clicked. The results are easier to read if you find Splunk's Preferences menu and turn off Show Event Meta Data—you're not troubleshooting a denial of service attack.