How to use the "Pattern" tab in Splunk?

pgadhari · ‎09-01-2016

Hi All,

I want to do text analytics in my data and I am thinking of using the "Pattern" tab for that. Actually, I have a "Description" field for my ticket data, and want to know what are the most common "text" or "Patterns" in that field. Somehow I cannot share the data here. so when I write the search:

index=*** source=**** Description=* and run the Pattern tab, it shows only patterns for sample 1000 events, but I want to show for all of my 25000 records. How can I change the sample events to "25000".

Also, I saw that cluster command can be used for grouping the events with common pattern. Please help me in whether I should be using Pattern tab or Cluster command.

Regards
PG

s2_splunk · ‎09-01-2016

The pattern tab runs searches using the cluster command under the covers and applies some UI post processing to the results. I would recommend you review the documentation for the cluster command here and determine which command options meet your needs best.

pgadhari · ‎09-01-2016

This is quite urgent please...

How to use the "Pattern" tab in Splunk?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

How to use the "Pattern" tab in Splunk?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...