Use time to identify relationships between events
Time is crucial for determining what went wrong – you often know when. Splunk software enables you to identify baseline patterns or trends in your events and compare it against current activity.
You can run a series of time-based searches to investigate and identify abnormal activity and then use the timeline to drill into specific time periods. Looking at events that happened around the same time can help correlate results and find the root cause.
Read more about how to "Use the timeline to investigate events" in this manual.
About event grouping and correlation | About transactions |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!