Splunk 3.4.2 is the latest version. Only use this page with older Splunk 2.0.x.
Splunk User Manual (Splunk v2.0)
Tutorial
Search Results—Everything's Clickable
Look at the components of each search result. The event itself is at the top. It can be a terse log file entry or a multi-line application stack trace. For each result, Splunk displays its event type, source type, host and source, as well as a timestamp. Splunk also adds links for Similar and Related, plus options to Show Source and Look up Event. All of these values and links are clickable. The downward-pointing arrows next to some values are buttons that activate popup menus.

Click combinations
Search for term: click
Restrict the current search further by the clicked term: Ctrl-click (On Macs, cmd-click)
Remove term from current search: Ctrl-click it again (On Macs, cmd-click)
Search for negative term (e.g. NOT apache): Alt-click (On Macs, option-click)
Add negative term (e.g. NOT apache) to search: Ctrl-Alt-click (On Macs, cmd-option-click)
The fastest way to find obscure events is to start with a simple, broad search and then remove terms that don't match using Ctrl-Alt-click. (On Macs, cmd-option-click.) We call this "removing the noise."