This is not current Splunk documentation.
Splunk 3.4.2 is the latest version. Only use this page with older Splunk 2.0.x.
Splunk User Manual (Splunk v2.0)
Event Types and Tags
Similar
Splunk defines similar events as those whose patterns are different, but not too different. Maybe one has an extra segment in it, or only two out of a dozen segments aren't of the same pattern. Different levels of log events from the same application are usually similar. They may have no segment values in common, yet they're clearly worth looking at together if you're trying to find the source of a problem.
eventtype::?17-3
This means "events that are within 3 degrees of separation from event type 17." You can type this syntax into the Splunk box yourself, using values from 1 to 9.