history command Catch 22

topdeck · ‎06-13-2012

Try:

history type=ah action=settle

I get this helpful hint:

"Note: Your first search term is also a search command. Did you mean " | history"?"

Okay Splunk, thanks for the tip.

I'll try:

type=ah action=settle | history

"Error in 'history' command: This command must be the first command of a search."

What in the blue hell is going on here? I did a search yesterday and I can't remember what it was, and before you ask, I don't have access to the box Splunk runs on so I can't look at the logs.

gkanapathy · ‎06-13-2012

| history | where search LIKE "%ah%"

or

| history | eval _raw=search | search "type=ah"

sideview · ‎06-13-2012

The first message is telling you that there is a 'history' command,

and the second message, may not make much sense if you've never seen it before, but it means that you have to do this:

| history type=ah action=settle

where the pipe character is literally at the beginning of the search. History is what they call a "generating" command.

However if you're trying to actually search for the word "history", then you don't want the history command.

topdeck · ‎06-13-2012

Thank you, this was almost the answer.

| history

Returns all of my searches but I can't seem to filter them. Doing something like:

| history type=ah

Results in "Error in 'history' command: Invalid argument: 'type=ah'"

I also tried

| history | type=ah

or

| history | search type=ah

It doesn't like that.

| history | search ah

Does work, it's ugly but at least it's something.

history command Catch 22

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk

Modern way of developing distributed application using OTel