Clicking to modify your search
Though you can probably figure it out by just clicking around, it is worth discussing the behavior of the GUI when moving your mouse around and clicking.
- Clicking on any word or field value will give you the option to Add to search or Exclude from search (the existing search) or (create a) New search:
- Clicking on a word or a field value that is already in the query will give you the option to remove it (from the existing query) or, as above, (create a) new (search):
Event segmentation
In previous versions of Splunk, event ...
Get Implementing Splunk - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.