Tip: Instead of typing the search string, you can copy and paste the search from this tutorial directly into the Search bar.

Click the Search icon to the right of the time range picker to run the search. Notice that you must capitalize Boolean operators. The asterisk ( * ) character is used as a wildcard character to match fail, failure, failed, failing, and so forth. When evaluating Boolean expressions, precedence is given to terms inside parentheses. NOT clauses are evaluated before OR clauses.

This search retrieves 427 matching events.

Below the Search bar are four tabs: Events, Patterns, Statistics, and Visualization. The type of search commands that you use determines which tab the search results appear on. In the early parts of this tutorial, you will work with the Events tab. Later in this tutorial, you will learn about the other tabs.

The Events tab displays the Timeline of events, the Display options, the Fields sidebar, and the Events viewer.

By default, the events appear as a list that is ordered starting with the most recent event. In each event, the matching search terms are highlighted. The List display option shows the event information in three columns. Use the event information column to expand or collapse the display of the event information. Click the greater than ( > ) symbol to expand the display.

When events are indexed, the timestamp in the event is extracted. If the event does not contain a timestamp, the indexing process adds a timestamp that is the date and time the event was indexed.

The Selected fields from the Fields sidebar appear at the bottom of each event. Select the List option and click Table. The display changes to show the event information column, the timestamp column, and columns for each of the Selected fields. You will learn more about the Selected fields later in the tutorial.

The Timeline of events is a visual representation of the number of events that occur at each point in time. As the timeline updates with your search results, there are clusters or patterns of bars. The height of each bar indicates the count of events. Peaks or valleys in the timeline can indicate spikes in activity or server downtime. The timeline highlights patterns of events, or peaks and lows in event activity. The timeline options are located above the timeline. You can zoom in, zoom out, and change the scale of the timeline chart.

When you add data to the Splunk platform, the data is indexed. As part of the index process, information is extracted from your data and formatted as name and value pairs, called fields.
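As an added example, not from the tutorial or from Splunk's own code, the Python below applies the search-term rules described here to a handful of constructed events: whole-word terms, the * wildcard, operators that count only when capitalized, and the precedence order parentheses, then NOT, then OR, then AND (the page states the first two steps; OR before AND is Splunk's documented order). It then counts the matches per one-minute bucket, which is what the bars of the Timeline show. The event text, timestamps and the term buttercupgames are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample events as (timestamp, raw text); not the tutorial's data.
EVENTS = [
    ("2024-05-01T10:00:03", "buttercupgames web: purchase error for product 1234"),
    ("2024-05-01T10:00:41", "buttercupgames auth: login failed for user alice"),
    ("2024-05-01T10:01:55", "othersite web: failure talking to backend"),
    ("2024-05-01T10:02:30", "buttercupgames db: severe disk latency"),
]

def term_matcher(term):  # whole-word, case-insensitive; '*' is a wildcard
    rx = re.compile(r"\b" + r"\w*".join(map(re.escape, term.split("*"))) + r"\b", re.I)
    return lambda text: rx.search(text) is not None

# Precedence, in Splunk's documented order: parentheses, NOT, OR, then AND
# (AND is implicit between adjacent terms). Each parse_* consumes from toks.
def parse_and(toks):
    parts = [parse_or(toks)]
    while toks and toks[0] != ")":
        if toks[0] == "AND":
            toks.pop(0)
        parts.append(parse_or(toks))
    return lambda t: all(p(t) for p in parts)
def parse_or(toks):
    left = parse_not(toks)
    while toks and toks[0] == "OR":
        toks.pop(0)
        left = (lambda l, r: lambda t: l(t) or r(t))(left, parse_not(toks))
    return left
def parse_not(toks):
    if toks and toks[0] == "NOT":
        toks.pop(0)
        inner = parse_not(toks)
        return lambda t: not inner(t)
    tok = toks.pop(0)
    if tok == "(":
        inner = parse_and(toks)
        assert toks.pop(0) == ")", "unbalanced parentheses"
        return inner
    return term_matcher(tok)  # lowercase and/or/not are ordinary search terms

def search(query, events=EVENTS):
    pred = parse_and(re.findall(r"\(|\)|[^\s()]+", query))
    return [ev for ev in events if pred(ev[1])]

def timeline(matches, bucket_seconds=60):  # event count per bar of the Timeline
    counts = Counter()
    for ts, _ in matches:
        epoch = int(datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).timestamp())
        counts[epoch - epoch % bucket_seconds] += 1
    return {datetime.fromtimestamp(b, timezone.utc).strftime("%H:%M"): n for b, n in sorted(counts.items())}
```

Try `search("buttercupgames error OR severe")` against `search("buttercupgames NOT error OR severe")` to see the NOT-before-OR rule change which events survive, and `search("error or severe")` to see that a lowercase operator is just another term.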