This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# the output from running "/opt/splunk/bin/splunk btool searchbnf list" on a fairly default Splunk 7.2 instance | |
[abstract-command] | |
alias = excerpt | |
appears-in = 3.0 | |
category = formatting | |
commentcheat = Show a summary of up to 5 lines for each search result. | |
description = Produce an abstract -- a summary or brief representation -- of the text of search results. The original text is replaced by the summary, which is produced by a scoring mechanism. If the event is larger than the selected maxlines, those with more terms and more terms on adjacent lines are preferred over those with fewer terms. If a line has a search term, its neighboring lines also partially match, and may be returned to provide context. When there are gaps between the selected lines, lines are prefixed with "...". \p\ | |
If the text of a result has fewer lines or an equal number of lines to maxlines, no change will occur.\i\ | |
* <maxlines> accepts values from 1 - 500. \i\ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[bool] | |
syntax = t|true|f|false | |
[field] | |
syntax = <fvalue> | |
[field-and-value] | |
syntax = <field>/s*=/s*<fvalue> | |
[field-and-value-list] | |
syntax = (?:<field-and-value>)+ | |
[field-list] | |
syntax = <field>(?:[ ,]+<field>)* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE NETSCAPE-Bookmark-file-1> | |
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"> | |
<TITLE>Bookmarks</TITLE> | |
<H1>Bookmarks</H1> | |
<DL><p> | |
<dt><a href="https://splunkbase.splunk.com/">Splunkbase</a> | |
<dt><a href="https://git.io/splhighlighter">Splunk Highlighter</a> | |
<dt><a href="http://regex101.com/">regex101.com</a> | |
<dt><a href="http://strftime.net/">strftime.net</a> | |
<DT><H3 ADD_DATE="1551742873" LAST_MODIFIED="1553513798">.Conf Files</H3> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<dashboard> | |
<label>gauge test</label> | |
<row> | |
<panel id="autoresize"> | |
<viz type="number_display_viz.number_display_viz"> | |
<search> | |
<query>| makeresults | |
| eval process="Process1 Process2 Process3" | makemv process | mvexpand process | |
| eval breachPerc="10 20 15" | makemv breachPerc | |
| eval nBreachPerc="69 70 80" | makemv nBreachPerc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<dashboard> | |
<label>gauge test</label> | |
<row> | |
<panel id="autoresize"> | |
<viz type="number_display_viz.number_display_viz"> | |
<search> | |
<query>| makeresults | |
| eval process="Process1 Process2 Process3" | makemv process | mvexpand process | |
| eval breachPerc="10 20 15" | makemv breachPerc | |
| eval nBreachPerc="69 70 80" | makemv nBreachPerc |