As an admin that's used to searching logs with /bin/less, ? and /, I find the Splunk web interface pretty confusing.
How can I limit searches in the web UI to specific source file names? In fact, I can't even see where Splunk even shows the name of the file that searches appeared in. This is really confusing. If I don't know what file a match was in, I really have no context of what I am seeing.
Doug.
... View more