Splunk 3.4.2 is the latest version. Only use this page with older Splunk 2.0.x.
Splunk User Manual (Splunk v2.0)
Reference Chapters
Results Page Controls
Many results page controls match those on the home page. These are described above.
The rest of this section describes controls unique to the results page.
Search Results—Everything's Clickable
Each search result is a unique event indexed from source files or streams. Splunk extracts several fields and adds several additional links for each result. Mouse over a result to highlight individual segments. Matching values in other segments will highlight in sync.
Remember: Everything's clickable.
Rank
The result's order, from 1 through N. Results are sorted in reverse chronological order for all searches except those that specify a related:: modifier.
Event
The text of the event itself.
Event Type (Tags)
The event's signature pattern of segments. A value of the form ?34 is assigned by the server while loading the data. Users may replace these values with one or more tags entered locally or found through the Look Up Event feature. See the section on Event Types and Tags for details and instructions.
Look Up Event
Click this link to look up the current event's event type in Splunk's online community database of documented event types. See the section on Event Types and Tags for details and instructions.
Timestamp
Splunk extracts a timestamp from every event it indexes, or else assigns it one based on its load time. Splunk timestamps are normalized to a standard format and the Splunk host's time zone. You'll still be able to see the original timestamp in your event as well, but Splunk timestamps make searching and sorting easy.
Similar
Click this link to add, remove, or search for events whose event type is somewhat like the current event. Note that Splunk adds a specially formatted eventtype meta data value to your search.
You can edit the final integer to be anywhere from 1 (very similar) to 4 (remotely similar).
Related
Click this link to add, remove, or search for events with one or more segment values (e.g. 404 or joeuser) that match values in the current event. Note that Splunk adds a specially formatted related modifier to your search.
You cannot modify this term.
Source Type
In the same way it assigns event types to individual events, the server also assigns unique values to each different type of input stream. These values are local to the index. You can rename them to be meaningful, e.g. "cisco_syslog".
Host
The host that generated the event. To prevent errors, Splunk doesn't try to deduce the host automatically, as it does timestamps. The value must be explicitly configured by the system administrator. See the Splunk Admin Manual section on How to Load Your Data for instructions and examples of setting the host value.
Source
The name of the file or stream from which the event was loaded.
Show Source
Click this link if you need the full content of an event. Your browser will pop up a new window (be sure you haven't blocked it) with the original raw data for the event. The popup window has forward/backward arrows so you can step through the original source stream, e.g. a series of maillog events loaded from the same file.
Tabs
Splunk's tabbed results group the results of the current search by the meta data present in each result, sorted in descending order of frequency.
Events
The list of individual events sorted by timestamp, most recent first. Click on any part of the event as described in Search Results above to add, remove, or search for specific values displayed in the results.
Event Types
The list of unique event types found in the search results, sorted in descending order of frequency. Click on an eventtype to add, remove, or search for it.
Tags
The list of unique tags found in the search results, sorted in descending order of frequency. Click on a tag to add, remove, or search for it.
Source Types
The list of recognized, unrecognized, and user-edited source types in descending order of frequency. Click on a source type to search for it.
Hosts
The list of unique hosts found in the search results, sorted in descending order of frequency. Click on a host value to add, remove, or search for it.
Sources
The list of unique sources found in the search results, sorted in descending order of frequency. Click on a source value to add, remove, or search for it.
Showing __ per page
You can set the interface to show 5, 10, 20, or 50 results on each page.