Splunk Search

Search by file name?

dgarstang
Engager

As an admin that's used to searching logs with /bin/less, ? and /, I find the Splunk web interface pretty confusing.

How can I limit searches in the web UI to specific source file names? In fact, I can't even see where Splunk even shows the name of the file that searches appeared in. This is really confusing. If I don't know what file a match was in, I really have no context of what I am seeing.

Doug.

Tags (1)
1 Solution

chris
Motivator

Hi Doug

You can search for a specific file by specifying a file name for the source in the search field. In the example "spam" and "bytes" are the searchterms and the first part (source=/directory/file.log) limits the search to a source which is a file in this case

If you select the source as a field using "Pick fields" every event ( this usually corresponds to one line in a logfile) will show it's source.

alt text

I hope this helps

Chris

View solution in original post

chris
Motivator

Hi Doug

You can search for a specific file by specifying a file name for the source in the search field. In the example "spam" and "bytes" are the searchterms and the first part (source=/directory/file.log) limits the search to a source which is a file in this case

If you select the source as a field using "Pick fields" every event ( this usually corresponds to one line in a logfile) will show it's source.

alt text

I hope this helps

Chris

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...