I'm sure this is a noobie question but hopefully you guys can help.
I've used splunk for several years now but only as a developer, I've never been on the configuration side of it (our sysadmins always did that). Now I'm with a new group and I'm trying to get it setup the way I remember it, but there are a ton of features and I'm lost as to where to start. We plan to use splunk mainly for development and tracking down application errors.
The main thing I've noticed is that when I do a search, the results are condensed in the way they display and I can't usually see the full stack trace and any nested exceptions that might be related to a given log entry. I have to click on the item and choose 'extract fields' to see these details. The way we used to have it at my old company you could see the full text of the log message, all the stack trace, all the inner exception stack traces, etc and this was ideal for the developers trying to track down bugs. It took up a lot of space for each result but it was very functional for how we wanted to use it. How do I get it to display like this?
thanks
EDIT: update based off comment: in the Options of Search I have that set lines per event to 'All' but it still doesn't show the nested exceptions and stuff. I've tried all the permutations of those Options and its always the same. Is it possible that something about the way my log messages are being formatted (carriage returns or some other delimiting character perhaps?) that is causing it to display like this?
If you look above the events at the bottom there is an 'Options' link. You can select that and choose 'Lines per event'. Increase it to what you need.
yeah I have that set to 'All' but it still doesn't show the nested exceptions and stuff. I've tried all the permutations of those Options and its always the same. Is it possible that something about the way my log messages are being formatted (carriage returns or some other delimiting character perhaps?) that is causing it to display like this?