Solved: formatting query onto multiple lines in search bar

bdesatnik · ‎05-11-2015

I'm trying to format the query in the search bar so it appears on multiple lines (for easier readability).

From this:
sourcetype=iis cs_host="test.com" NOT c_ip="92.111*" | timechart span=1d dc(cs_username) AS User_Count | eval Date=strftime(_time, "%Y-%m-%d") | eval User_Count=tostring(User_Count, "commas") | rename User_Count as "User Count" | table Date, "User Count"

To this:
sourcetype=iis cs_host="test.com" NOT c_ip="92.111*"
| timechart span=1d dc(cs_username) AS User_Count
| eval Date=strftime(_time, "%Y-%m-%d")

| eval User_Count=tostring(User_Count, "commas")
| rename User_Count as "User Count"
| table Date, "User Count"

Is there a shortcut key that will work to split the query into multiple lines? Pressing Enter in the search bar just runs the search.

Thank you.

aweitzman · ‎05-11-2015

Pressing "Shift-Enter" works for me.

View solution in original post

bdesatnik · ‎05-11-2015

That worked - thank you!!

aweitzman · ‎05-11-2015

Glad to hear it. Feel free to mark it as the answer so other people know that this question has been answered.

aweitzman · ‎05-11-2015

Pressing "Shift-Enter" works for me.

obaf · ‎12-12-2017

If you are using newer version of Splunk, then Ctrl + \

formatting query onto multiple lines in search bar

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!