Clicking to modify your search
Though you can probably figure it out by just clicking around, it is worth discussing the behavior of the GUI when moving your mouse around and clicking:
- Clicking on any word or field value will give you the option to
Add to search
orExclude from search
the existing search or create aNew search
, as shown in the following screenshot:
- Clicking on a word or a field value that is already in the query will give you the option to remove it from the existing query or, as previously, create a new search, as shown in the following screenshot:
Event segmentation
In prior versions of Splunk, event segmentation was configurable through a setting in the Options
dialog. In version 6.2, the options dialog is not present; although segmentation (discussed later in this chapter) is still an important concept, it is not accessible through the web interface/options dialog in this version.
Field widgets
Clicking on values in the Select Fields
dialog (the field picker) or in the field...