O'Reilly logo

Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Clicking to modify your search

Though you can probably figure it out by just clicking around, it is worth discussing the behavior of the GUI when moving your mouse around and clicking.

  • Clicking on any word or field value will add that term to the search.
  • Clicking on a word or field value that is already in the query will remove it from the query.
  • Clicking on any word or field value while holding down Alt (option on the Mac) will append that search term to the query, preceded by NOT. This is a very handy way to remove irrelevant results from query results.

Event segmentation

In Chapter 1, The Splunk Interface, we touched upon this setting in the Options dialog. The different options change what is highlighted as you mouse over the text in the search ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required