![]() ![]() But if you’re running a search that takes a long time to complete, you can use these icons to control the search progress: If you haven’t run a search, or if your search has finished, they are inactive and greyed out. The search job controls are only active when a search is running. When you start typing in the search bar, context-sensitive information appears below, with matching searches on the left and help on the right. Beneath the Raw text of each event are any fields selected from the Fields sidebar for which the event has a value. Events are ordered by Timestamp, which appears to the left of each event. Results area: This shows the events from your search.When Splunk executes a search and field discovery is on, Splunk attempts to identify fields automatically for the current search. Field discovery switch: Turns automatic field discovery on or off.This menu also allows you to add a field to the results. Fields sidebar: Relevant fields along with event counts.Timeline: A graphic representation of the number of events matching your search over time.For example, entering an asterisk (*) in the search bar retrieves all the data in your default indexes. When a search is kicked off, the results almost immediately start displaying. If you click the Search option or enter a search in the search bar, the page switches to the Search dashboard (sometimes called the timeline or flashtimeline view). ![]() Interested in learning Splunk? Enroll in our Splunk Training now! The Search Dashboard Searches & Reports lists your saved searches and reports.Dashboards & Views list your dashboards and views. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |