Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to use the "Pattern" tab in Splunk?

pgadhari
Builder
‎09-01-2016 11:38 AM

Hi All,

I want to do text analytics in my data and I am thinking of using the "Pattern" tab for that. Actually, I have a "Description" field for my ticket data, and want to know what are the most common "text" or "Patterns" in that field. Somehow I cannot share the data here. so when I write the search:

index=*** source=**** Description=* and run the Pattern tab, it shows only patterns for sample 1000 events, but I want to show for all of my 25000 records. How can I change the sample events to "25000".

Also, I saw that cluster command can be used for grouping the events with common pattern. Please help me in whether I should be using Pattern tab or Cluster command.

Regards
PG

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎09-01-2016 11:55 AM

The pattern tab runs searches using the cluster command under the covers and applies some UI post processing to the results. I would recommend you review the documentation for the cluster command here and determine which command options meet your needs best.

Reply

pgadhari
Builder
‎09-01-2016 11:44 AM

This is quite urgent please...

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...