Use time to identify relationships between events
Time is crucial for determining what went wrong – you often know when. Splunk enables you to identify baseline patterns or trends in your events and compare it against current activity.
You can run a series of time-based searches to investigate and identify abnormal activity and then use the timeline to drill into specific time periods. Looking at events that happened around the same time can help correlate results and find the root cause.
- Read more about how to "Use the timeline to investigate patterns of events" in this manual.
- An example of this is demonstrated in the "Use the timeline" topic in the Splunk Tutorial.
About event grouping and correlation
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18