Splunk Search

Fuzzy Search

tb5821
Communicator

I have a field called 'err_msg' this field contains a long line which consists of the error as well as the file name and other details surrounding that error. What I'm looking for is the ability to do a 'fuzzy' search in splunk on err_msg so that it will lump similar errors together. Is this possible?

Tags (1)
0 Karma
1 Solution

lpolo
Motivator

Did you try the cluster search command?

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Cluster

See also:

anomalies, anomalousvalue, kmeans, outlier

It might help you.

View solution in original post

lpolo
Motivator

Did you try the cluster search command?

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Cluster

See also:

anomalies, anomalousvalue, kmeans, outlier

It might help you.

tb5821
Communicator

Thanks looks like cluster will do the trick!

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...