abstract
Synopsis
Produces a summary of each search result.
Syntax
abstract [maxterms=int] [maxlines=int]
Optional arguments
- maxterms
  - Syntax: maxterms=<int>
  - Description: The maximum number of terms to match.
- maxlines
  - Syntax: maxlines=<int>
  - Description: The maximum number of lines to match.
Description
This data processing command produces an abstract (summary) of each search result. A line's importance for inclusion in the summary is scored by how many search terms it contains and by how many search terms appear on nearby lines. If a line contains a search term, its neighboring lines also partially match and may be returned to provide context. When there are jumps between the selected lines, lines are prefixed with an ellipsis (...).
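A simplified model of the scoring described above, added here as an illustration; it is not Splunk's implementation or code from this documentation. The neighbor weight of 0.5, the substring matching, the tie-breaking rule, the reading of maxterms as a cap on the terms considered, and the sample event are all assumptions.

```python
# Illustrative model of the scoring described above; not Splunk's code.
NEIGHBOR_WEIGHT = 0.5  # assumption: a neighbor's hits count half

# Constructed sample event (multi-line) and search terms.
EVENT = """sshd session opened from 203.0.113.7
pam_unix: authentication check started
Failed password for invalid user admin
connection details: port 50514 ssh2
keepalive sent
keepalive sent
keepalive acknowledged
Failed password for root
maximum attempts exceeded, disconnecting"""
TERMS = ["failed", "password"]


def term_hits(line, terms):
    """Number of search terms found in the line (case-insensitive substring)."""
    lowered = line.lower()
    return sum(1 for term in terms if term.lower() in lowered)


def score_lines(lines, terms):
    """Own term hits plus a partial credit for hits on adjacent lines."""
    hits = [term_hits(line, terms) for line in lines]
    scores = []
    for i, own in enumerate(hits):
        before = hits[i - 1] if i > 0 else 0
        after = hits[i + 1] if i + 1 < len(hits) else 0
        scores.append(own + NEIGHBOR_WEIGHT * (before + after))
    return scores


def abstract(event, terms, maxterms=None, maxlines=5):
    """Return up to maxlines lines, marking jumps with a leading '...'."""
    lines = event.splitlines()
    if maxterms is not None:
        terms = terms[:maxterms]  # assumed meaning of maxterms
    if len(lines) <= maxlines:
        return lines
    scores = score_lines(lines, terms)
    # Highest score first; ties go to the earlier line (assumption).
    ranked = sorted(range(len(lines)), key=lambda i: (-scores[i], i))
    summary, prev = [], -1
    for i in sorted(ranked[:maxlines]):
        summary.append(("..." if i != prev + 1 else "") + lines[i])
        prev = i
    return summary


if __name__ == "__main__":
    print("\n".join(abstract(EVENT, TERMS, maxlines=4)))
```

With maxlines=4, the two lines containing both terms are kept along with the context lines next to the first hit, and the unrelated keepalive lines are dropped.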
Examples
Example 1: Show a summary of up to 5 lines for each search result.
... | abstract maxlines=5
See also
Answers
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has about using the abstract command.
This documentation applies to the following versions of Splunk: 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 5.0, 5.0.1, 5.0.2