This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.2
The search scrum implements new search capabilities and improves existing ones.
During the course of Preview's development, the developers working on these features will be blogging about their work. Check the following blog for tips, tricks, and additional information:
There are changes to how SplunkWeb and the search language work. See what's new: Documentation:preview:SearchImprovements:latest.
Splunk's strptime() parser now handles more granular time specifications. Learn more: Documentation:preview:EnhancedStrptimeFormatSupport:latest.
Live Tail lets you monitor a stream of data as it is being indexed in Splunk. It has similar functionality to tail -f in a Unix shell, and allows you to stream events from a simple keyword search to a browser window.
Learn more about Live Tail: Documentation:preview:LiveTail:latest.
Check out some of the powerful new search commands that have been added (Documentation:preview:NewSearchCommands:latest). Also, see changes made to existing commands.
To make handling data structures simpler when writing search commands, the input format has been standardized to be an Excel-flavored CSV format (Excel with headers).