Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use the "Pattern" tab in Splunk?

pgadhari
Builder
‎09-01-2016 11:38 AM

Hi All,

I want to do text analytics in my data and I am thinking of using the "Pattern" tab for that. Actually, I have a "Description" field for my ticket data, and want to know what are the most common "text" or "Patterns" in that field. Somehow I cannot share the data here. so when I write the search:

index=*** source=**** Description=* and run the Pattern tab, it shows only patterns for sample 1000 events, but I want to show for all of my 25000 records. How can I change the sample events to "25000".

Also, I saw that cluster command can be used for grouping the events with common pattern. Please help me in whether I should be using Pattern tab or Cluster command.

Regards
PG

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎09-01-2016 11:55 AM

The pattern tab runs searches using the cluster command under the covers and applies some UI post processing to the results. I would recommend you review the documentation for the cluster command here and determine which command options meet your needs best.

Reply

pgadhari
Builder
‎09-01-2016 11:44 AM

This is quite urgent please...

0 Karma
Reply
Get Updates on the Splunk Community!

Your Guide to Splunk Digital Experience Monitoring

A flawless digital experience isn't just an advantage, it's key to customer loyalty and business success. But ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...