Solved: Search by file name?

dgarstang · ‎10-31-2010

As an admin that's used to searching logs with /bin/less, ? and /, I find the Splunk web interface pretty confusing.

How can I limit searches in the web UI to specific source file names? In fact, I can't even see where Splunk even shows the name of the file that searches appeared in. This is really confusing. If I don't know what file a match was in, I really have no context of what I am seeing.

Doug.

chris · ‎10-31-2010

Hi Doug

You can search for a specific file by specifying a file name for the source in the search field. In the example "spam" and "bytes" are the searchterms and the first part (source=/directory/file.log) limits the search to a source which is a file in this case

If you select the source as a field using "Pick fields" every event ( this usually corresponds to one line in a logfile) will show it's source.

I hope this helps

Chris

View solution in original post

chris · ‎10-31-2010

Hi Doug

You can search for a specific file by specifying a file name for the source in the search field. In the example "spam" and "bytes" are the searchterms and the first part (source=/directory/file.log) limits the search to a source which is a file in this case

If you select the source as a field using "Pick fields" every event ( this usually corresponds to one line in a logfile) will show it's source.

I hope this helps

Chris

Search by file name?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life