Downloading the example code
You can download the example code files for all Packt topics you have purchased from your account at http://www.PacktPub.com. If you purchased this topic elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.
Clicking to modify your search
Though you can probably figure it out by just clicking around, it is worth discussing
the behavior of the GUI when moving your mouse around and clicking.
• Clicking on any word or field value will add that term to the search.
• Clicking on a word or field value that is already in the query will remove
it from the query.
• Clicking on any word or field value while holding down Alt (option on the Mac) will append that search term to the query, preceded by NOT. This is a very handy way to remove irrelevant results from query results.
Event segmentation
In Chapter 1, The Splunk Interface, we touched upon this setting in the Options dialog. The different options change what is highlighted as you mouse over the text in the search results, and therefore what is added to your query when clicked on. Let's see what happens to the phrase ip=10.20.30.40 with each setting:
• inner highlights individual words between punctuation. Highlighted items would be ip, 10, 20, 30, and 40.
• outer highlights everything between whitespace. The entire phrase ip=10.20.30.40 would be highlighted.
• full will highlight everything from the beginning of the block of text as you move your mouse. Rolling from left to right would highlight ip, then ip=10, then ip=10.20, then ip=10.20.30, and finally ip=10.20.30.40. This is the default setting and works well for most data.
• raw disables highlighting completely, allowing the user to simply select the text at will. Some users will prefer this setting as it takes away any unexpected behavior. It is also slightly faster as the browser is doing less work.
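
A simplified Python model of the four segmentation settings and the click behavior described above, added here as an illustration; it is not Splunk's code or the book's. The names highlight_segments and click, the rule that every non-alphanumeric character counts as punctuation, and the sample event are assumptions.

```python
import re

# Simplified model of the highlighting modes described above. Assumption: any
# non-alphanumeric character counts as punctuation; the real breaker lists are
# configurable in Splunk and are not reproduced here.
WORD = re.compile(r"[A-Za-z0-9]+")


def highlight_segments(text, mode):
    """Return the strings a mouse-over could highlight in `text` for one mode."""
    if mode == "raw":
        return []                                  # highlighting disabled
    if mode == "outer":
        return text.split()                        # everything between whitespace
    if mode == "inner":
        return WORD.findall(text)                  # words between punctuation
    if mode == "full":
        segments = []
        for block in text.split():
            # Grow from the start of the block, one word at a time.
            segments.extend(block[:m.end()] for m in WORD.finditer(block))
        return segments
    raise ValueError(f"unknown segmentation mode: {mode!r}")


def click(query, term, alt=False):
    """Apply one click to a query held as a list of terms."""
    if alt:
        return query + ["NOT " + term]             # Alt-click excludes the term
    if term in query:
        return [t for t in query if t != term]     # second click removes it
    return query + [term]                          # first click adds it


if __name__ == "__main__":
    event = "src ip=10.20.30.40 action=denied"     # constructed sample event text
    for mode in ("inner", "outer", "full", "raw"):
        print(f"{mode:5} -> {highlight_segments(event, mode)}")
    query = click(["error"], "ip=10.20.30.40")
    print(" ".join(click(query, "action=denied", alt=True)))
```
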
Field widgets
Clicking on values in the field picker or in the field value widgets underneath an event will append the field value to a query. For instance, if ip=10.20.30.40 appears under your event, clicking on the value will append ip=10.20.30.40 to your query.