Use the Save menu to save the search, save the results, or save and share the results. The Job inspector icon takes you to the Job inspector page, which shows details about your search, such as the execution costs of your search, debug messages, and search job properties. Watch this Splunk Tutorial for Beginners video: In contrast, canceling a search stops it from running, discards the results, and clears them from the screen.
Finalizing a search stops it before it completes, but retains the results to that point and so you can view and explore it in the search view.
Clicking that button resumes the search from the point where you paused it. While the search is paused, the icon changes to a play button.
Pausing a search temporarily stops it and lets you explore the results to that point. If you want to check on the job in the meantime, or at a later time, click the Jobslink at the top of the page. When the job is done, a notification appears on your screen if you’re still logged in otherwise, Splunk emails you (if you’ve specified an email address). When you click Send to background, the search bar clears and you can continue with other tasks. Sending a search to the background lets it keep running to completion on the server while you run other searches or even close the window and log out. But if you’re running a search that takes a long time to complete, you can use these icons to control the search progress: If you haven’t run a search, or if your search has finished, they are inactive and greyed out. The search job controls are only active when a search is running. When you start typing in the search bar, context-sensitive information appears below, with matching searches on the left and help on the right. Beneath the Raw text of each event are any fields selected from the Fields sidebar for which the event has a value. Events are ordered by Timestamp, which appears to the left of each event. Results area: This shows the events from your search. When Splunk executes a search and field discovery is on, Splunk attempts to identify fields automatically for the current search. Field discovery switch: Turns automatic field discovery on or off. This menu also allows you to add a field to the results. Fields sidebar: Relevant fields along with event counts. Timeline: A graphic representation of the number of events matching your search over time. For example, entering an asterisk (*) in the search bar retrieves all the data in your default indexes. When a search is kicked off, the results almost immediately start displaying. If you click the Search option or enter a search in the search bar, the page switches to the Search dashboard (sometimes called the timeline or flashtimeline view). Interested in learning Splunk? Enroll in our Splunk Training now! The Search Dashboard Searches & Reports lists your saved searches and reports. Dashboards & Views list your dashboards and views. Status lists dashboards on the status of your Splunk instance. Search leads to the main search interface, the Search dashboard. Search navigation menus near the top of the page include:. The Hosts panel shows which host your data came from. The Source types panel shows the types of sources in your data. The Sources panel shows which files (or other sources) your data came from. 
The next three panels show the most recent or common values that have been indexed in each category:
The All indexed data panel displays a running total of the indexed data. For real-time streaming data, you can select an interval to view, ranging from 30 seconds to an hour. You can see events from the last 15 minutes, for example, or any desired time interval. The time range picker to the right of the search bar permits time range adjustment. The search bar at the top is empty, ready for you to type in a search. If you’re on the Splunk Home tab, click Search under Your Apps. Click the Launch search app on the Splunk Welcome tab. The Summary dashboard gives you a quick overview of the data visible to you. 
Splunk Installation is the first step to the goal of searching with Splunk. It can mean filtering, summarizing, and visualizing a large amount of data, to answer your questions about the data. The goal of search is to help you find exactly what you need.
0 kommentar(er)
