Search interface and language enhancements

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Search interface and language enhancements

This feature includes various improvements to Splunk's search interface and language including:

Ability to click on on an event timestamp to drill down into a time period
Ability to double click on the timeline to zoom in on events
Ability to sort columns in tables
Ability to create relative time modifers via Splunk Web
Ability to filter by status on the Jobs page
Ability to use new UTC time manipulation functions to the eval command
Ability to use weeks and quarters in relative time spans
New concurrency command that makes it easier to compute concurrency when you have events that have a field that represents duration
New table command creates a custom table using only specified fields
New rtorder command buffers events from real-time search to emit them in ascending time order when possible
New option to timechart command to drop partial buckets
New option to top and rare commands to insert a row for 'all other values'

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.1.4/ReleaseNotes/Searchinterfaceandlanguageenhancements"

« Improved Splunk Web performance and communication API examples in Python »

This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 View the Article History for its revisions.

Was this topic useful?
Post a comment

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!

Release Notes

Search interface and language enhancements

Search interface and language enhancements

Comments