Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to use the "Pattern" tab in Splunk?

pgadhari
Builder
‎09-01-2016 11:38 AM

Hi All,

I want to do text analytics in my data and I am thinking of using the "Pattern" tab for that. Actually, I have a "Description" field for my ticket data, and want to know what are the most common "text" or "Patterns" in that field. Somehow I cannot share the data here. so when I write the search:

index=*** source=**** Description=* and run the Pattern tab, it shows only patterns for sample 1000 events, but I want to show for all of my 25000 records. How can I change the sample events to "25000".

Also, I saw that cluster command can be used for grouping the events with common pattern. Please help me in whether I should be using Pattern tab or Cluster command.

Regards
PG

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎09-01-2016 11:55 AM

The pattern tab runs searches using the cluster command under the covers and applies some UI post processing to the results. I would recommend you review the documentation for the cluster command here and determine which command options meet your needs best.

Reply

pgadhari
Builder
‎09-01-2016 11:44 AM

This is quite urgent please...

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...