Have you ever thought of finding the queries which you ran yesterday or last week? Today we have come with a new and interesting topic of Splunk: how to view search history in Splunk.

There are several options by which you can find search history in Splunk.

a) Log in to the Search Head with your credentials.

d) Now you can see a list of SPL queries which you had run before. The Search column shows the SPL queries. You can add a query to a new search tab by clicking Add to Search. You can also see the Last Run time of a particular query. At the top there is a time filter, where you can select the time frame you want.

c) In the search bar we have to write a command. Run the above command to see the queries which you had run before. You can also use the Time Range Picker to select a particular time frame. At most it shows the search history for the last 30 days.

There is another way to find the search history. From the CLI (Command Line Interface) we can also get the information about the search history.

a) Open the terminal of your Search Head and go to $SPLUNK_HOME$. In this case we have installed Splunk in the /opt/splunk path, so /opt/splunk is our $SPLUNK_HOME$.

    cd /opt/splunk

b) Then run a command to see the files where the history of the search queries is stored. You have to use your $HOST_NAME$.csv with the command. In this case sh is the HOST_NAME, so we have used sh.csv with the command. See, we are getting a list of files where the contents of the search history are stored. To view the contents of these files you have to run a command. At first change the directory to $SPLUNK_HOME$/bin.

    cd /opt/splunk/bin

c) Now you have to run a command to see the search history of a particular user.
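For the CLI steps above, one way to list every user's history file for a given host name in a single pass. This is an added example, not the command from the original post. The function name list_search_history and the on-disk layout etc/users/<user>/<app>/history/<host>.csv are assumptions to check against your own installation.

```shell
#!/bin/sh
# Added example (not from the original post): list per-user search-history
# CSV files for one search head, so they can be reviewed or collected.
#
# Assumption: history files live under
#   $SPLUNK_HOME/etc/users/<user>/<app>/history/<HOST_NAME>.csv
# Verify this layout on your own search head before relying on it.

# list_search_history SPLUNK_HOME HOST_NAME
# Prints one tab-separated line per file: <user> <line count> <path>
list_search_history() {
    lsh_home=$1
    lsh_host=$2

    # Match only <HOST_NAME>.csv files that sit inside a history/ directory.
    find "$lsh_home/etc/users" -type f -name "${lsh_host}.csv" \
         -path '*/history/*' 2>/dev/null |
    sort |
    while IFS= read -r lsh_file; do
        # The user name is the first path component after etc/users/.
        lsh_rel=${lsh_file#"$lsh_home"/etc/users/}
        lsh_user=${lsh_rel%%/*}
        # Line count is a rough size indicator only: a quoted multi-line
        # search spans several lines in the CSV.
        lsh_lines=$(wc -l < "$lsh_file" | tr -d ' ')
        printf '%s\t%s\t%s\n' "$lsh_user" "$lsh_lines" "$lsh_file"
    done
}

# Usage: ./list_history.sh /opt/splunk sh
if [ "$#" -ge 2 ]; then
    list_search_history "$1" "$2"
fi
```

These files contain every query a user typed, so read access to etc/users should be limited to the Splunk service account and administrators.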