Clicking to modify your search

Though you can probably figure it out by just clicking around, it is worth discussing the behavior of the GUI when moving your mouse around and clicking.

Clicking on any word or field value will add that term to the search.
Clicking on a word or field value that is already in the query will remove it from the query.
Clicking on any word or field value while holding down Alt (option on the Mac) will append that search term to the query, preceded by NOT. This is a very handy way to remove irrelevant results from query results.

Event segmentation

In Chapter 1, The Splunk Interface, we touched upon this setting in the Options dialog. The different options change what is highlighted as you mouse over the text in the search ...

Get Implementing Splunk: Big Data Reporting and Development for Operational Intelligence now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

Clicking to modify your search

Event segmentation

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly