tb5821
Communicator
08-30-2012
05:49 AM
I have a field called 'err_msg'. This field contains a long line which consists of the error as well as the file name and other details surrounding that error. What I'm looking for is the ability to do a 'fuzzy' search in Splunk on err_msg so that it will lump similar errors together. Is this possible?
1 Solution
lpolo
Motivator
08-30-2012
06:14 AM
Did you try the cluster search command?
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Cluster
See also:
anomalies, anomalousvalue, kmeans, outlier
It might help you.
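A search along the lines of the answer above, as an added example that is not part of the original thread: it applies `cluster` to the `err_msg` field from the question so that similar messages collapse into one representative row with a count. The index and sourcetype names are placeholders, and the output field names `similar_count` and `cluster_id` are chosen here for illustration.

```spl
index=example_index sourcetype=example_sourcetype err_msg=*
| cluster field=err_msg t=0.7 showcount=true countfield=similar_count labelfield=cluster_id
| sort - similar_count
| table cluster_id similar_count err_msg
```

The `t` threshold ranges between 0 and 1 and defaults to 0.8; lowering it groups messages more loosely, so values that differ only in file names or other details are more likely to land in the same cluster.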
tb5821
Communicator
08-30-2012
06:46 AM
Thanks, looks like cluster will do the trick!
