Splunk 3.4.2 is the latest version. Only use this page with older Splunk 2.0.x.
Splunk User Manual (Splunk v2.0)
Splunk Search Interface
Event Links
Alongside the meta data in each event are two clickable links that perform event-specific actions.
Similar
There may be no matching values in two events yet they're obviously somewhat alike. Similar events are those whose signature data patterns resemble one another, such as different severity level warning messages from the same J2EE application server.
The similar link is useful for finding events whose values and event types you can't guess exactly but to which you can see close approximations in your index.
Related
Other events may have totally different formats yet share matching values, such as an IP address that appears in different parts of two totally dissimilar events. Splunk calls these related events.
Instead of searching again for every single value in a suspicious event, just hit the related link.
Show Source
Click this link to see the full text of an event in its original context, e.g. the syslog message stream from which it was indexed. The source pops up in a second browser window.
Look up Event
Not sure what a particular event is? You can look it up at Splunk Base, where a community of IT professionals have contributed knowledge about individual event types—what application or device created the event, what causes it, and how to fix it if it's broken. You can contribute your own knowledge to let other Splunkers around the world benefit from your experience. See the section on Look up Event for instructions.
No comments have been submitted.