Splunk Search

Zoom to selection

palisetty
Communicator

I know that 'Zoom out' will make the search to re-execute but I am not sure about 'zoom in' or 'zoom to select'. Kindly let me know if it does?

Tags (1)
0 Karma
1 Solution

@palisetty best answer is you should try it out by yourself to learn. Do you have Splunk instance? How did you check "Zoom Out" runs a new search?

Have you read the Splunk Documentation and tried each of the Splunk Documentation: https://docs.splunk.com/Documentation/Splunk/latest/Search/Usethetimeline#Zoom_in_and_zoom_out_to_in...

PS: All the points you have asked has been specifically taught in the Fundamentals 1 course. If nothing works out for you it is time for you to revise the course. These are very basic concepts and understanding them is better approach than preparing a question bank or mugging up crucial concepts just for the sake of clearing the certification exam. If you feel you are under-prepared you can also re-schedule your exam to a later date.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma

@palisetty best answer is you should try it out by yourself to learn. Do you have Splunk instance? How did you check "Zoom Out" runs a new search?

Have you read the Splunk Documentation and tried each of the Splunk Documentation: https://docs.splunk.com/Documentation/Splunk/latest/Search/Usethetimeline#Zoom_in_and_zoom_out_to_in...

PS: All the points you have asked has been specifically taught in the Fundamentals 1 course. If nothing works out for you it is time for you to revise the course. These are very basic concepts and understanding them is better approach than preparing a question bank or mugging up crucial concepts just for the sake of clearing the certification exam. If you feel you are under-prepared you can also re-schedule your exam to a later date.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

indigeek
New Member

@niketn-deceased 

In Fundamentals 1 elearning Module 5, the instructor mentions "Selecting or zooming into events uses your original search job. When you zoom out, Splunk runs a new search job."
In the Fundamentals 1 pdf however, it mentions on page 68 that both Zoom Out and Zoom to selection re-executes the search.
Seems like a discrepancy between the instructor video and the slides in the pdf.image.png

0 Karma

ca_red891
Observer

I noticed the discrepancy between the instructor video and the slides in the pdf, as well, indigeek.

0 Karma

palisetty
Communicator

I see that it is happening

0 Karma

Cool now you will not forget the concept. Only when you mouse over and select bars in the timeline or choose Deselect then a new search will not execute. Rest all scenarios new search is run. Which you can very easily try and learn.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

If your issue is resolved please go ahead and accept the answer 🙂

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

rkyadav
Path Finder

'zoom to select' will allow you to show only selected events for particular interval you applied 'zoom to select'. likewise 'Zoom-out' search will also re-execute as per applied selection.

0 Karma

palisetty
Communicator

I know that. My question is, will 'zoom in' will go for re-execution of a search or no after selecting a particular set of time ranges from the timeline.

0 Karma

rkyadav
Path Finder

Yes, you can check this in "Inspect Job" for related execution costs.

0 Karma
Get Updates on the Splunk Community!

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...