Solved: Search by file name?

dgarstang · ‎10-31-2010

As an admin that's used to searching logs with /bin/less, ? and /, I find the Splunk web interface pretty confusing.

How can I limit searches in the web UI to specific source file names? In fact, I can't even see where Splunk even shows the name of the file that searches appeared in. This is really confusing. If I don't know what file a match was in, I really have no context of what I am seeing.

Doug.

chris · ‎10-31-2010

Hi Doug

You can search for a specific file by specifying a file name for the source in the search field. In the example "spam" and "bytes" are the searchterms and the first part (source=/directory/file.log) limits the search to a source which is a file in this case

If you select the source as a field using "Pick fields" every event ( this usually corresponds to one line in a logfile) will show it's source.

I hope this helps

Chris

View solution in original post

chris · ‎10-31-2010

Hi Doug

You can search for a specific file by specifying a file name for the source in the search field. In the example "spam" and "bytes" are the searchterms and the first part (source=/directory/file.log) limits the search to a source which is a file in this case

If you select the source as a field using "Pick fields" every event ( this usually corresponds to one line in a logfile) will show it's source.

I hope this helps

Chris

Search by file name?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!