abstract
This documentation does not apply to the most recent version of Splunk.
Synopsis
Produces a summary of each search result.
Syntax
abstract [maxterms=<int>] [maxlines=<int>]
Arguments
- maxterms
- Syntax: maxterms=<int>
- Description: The maximum number of terms to match.
- maxlines
- Syntax: maxlines=<int>
- Description: The maximum number of lines to match.
Description
This data processing command produces an abstract (summary) of each search result. A line's importance for the summary is scored by how many search terms it contains and by how many search terms appear on nearby lines. If a line has a search term, its neighboring lines also partially match and may be returned to provide context. When there are jumps between the selected lines, lines are prefixed with an ellipsis (...).
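The scoring described above, sketched in Python as an added example; this is not Splunk's implementation. The half weight for neighboring lines, the one-line neighborhood, substring term matching and the sample event are assumptions, and maxterms is not modeled.

```python
NEIGHBOR_WEIGHT = 0.5  # assumption: terms on an adjacent line count half

# Constructed multi-line event, for illustration only
SAMPLE_EVENT = """\
2010-03-02 10:15:01 session opened for user backup
2010-03-02 10:15:02 cron job started
2010-03-02 10:15:03 authentication failure for user root
2010-03-02 10:15:03 failure count for root is 3
2010-03-02 10:15:04 connection closed
2010-03-02 10:15:05 disk check ok
2010-03-02 10:15:06 disk check ok
2010-03-02 10:15:07 account root locked after failure
"""


def score_lines(lines, terms):
    """Score each line: its own term hits plus partial credit for adjacent lines."""
    terms = [t.lower() for t in terms]
    hits = [sum(1 for t in terms if t in line.lower()) for line in lines]
    scores = []
    for i, own in enumerate(hits):
        near = sum(hits[j] for j in (i - 1, i + 1) if 0 <= j < len(hits))
        scores.append(own + NEIGHBOR_WEIGHT * near)
    return scores


def abstract(event, terms, maxlines=5):
    """Return up to maxlines best-scoring lines in original order."""
    lines = event.splitlines()
    scores = score_lines(lines, terms)
    # Highest score first; ties go to the earlier line
    ranked = sorted(range(len(lines)), key=lambda i: (-scores[i], i))
    keep = sorted(i for i in ranked[:maxlines] if scores[i] > 0)
    out, prev = [], None
    for i in keep:
        # A jump between selected lines is marked with a leading "..."
        jumped = prev is not None and i > prev + 1
        out.append(("..." if jumped else "") + lines[i])
        prev = i
    return out


if __name__ == "__main__":
    for line in abstract(SAMPLE_EVENT, ["failure", "root"], maxlines=5):
        print(line)
```

With maxlines=5 the two zero-hit lines next to the authentication failure are kept as context, while the lockout line further down appears after a "..." jump marker.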
Examples
Example 1: Show a summary of up to 5 lines for each search result.
... | abstract maxlines=5
This documentation applies to the following versions of Splunk: 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11