This is not current Splunk documentation.
Splunk 3.4.2 is the latest version. Only use this page with older Splunk 2.0.x.
« Previous  |   Table of Contents   |   Next »

Splunk User Manual (Splunk v2.0)

Splunk Search Interface

Clicking on Splunk Terms

You can perform these click actions on any part of an event in your search results— segments, meta data such as sourcetype::syslog, and links such as Similar.

Search for term: click

Restrict the current search further by the clicked term: Ctrl-click (On Macs, cmd-click)

Remove term from current search: Ctrl-click it again (On Macs, cmd-click)

Search for negative term (e.g. NOT apache): Alt-click (On Macs, option-click)

Add negative term (e.g. NOT apache) to search: Ctrl-alt-click (On Macs, cmd-option-click)

The fastest way to find obscure events is to start with a simple, broad search and then remove terms that don't match using Ctrl-Alt-click. (On Macs, cmd-option-click.) We call this "removing the noise."

« Previous  |   Table of Contents   |   Next »

Comments

No comments have been submitted.

close

Flash required to play this video.

Click here to download the free Flash Player.

Description:

Permalink: