View search results in Splunk Light
After a search runs, the results appear in tabs located below the search bar. There are four results tabs: Events, Patterns, Statistics, and Visualizations. The results tabs populate depending on the type of search commands used in the search. If your search retrieves events, you can view the results in the Events tab and the Patterns tab, but not in the other tabs. If your search includes transforming commands, you can view the results in the Statistics and Visualization tabs.
The Events tab displays the timeline of events, the fields sidebar, and the events viewer. To change the event view, use the List and Format options. By default, the events appear as a list that is ordered starting with the most recent event. In each event, the matching search terms are highlighted.
Timeline of events: A visual representation of the number of events that occur at each point in time. As the timeline updates with your search results, you might notice clusters or patterns of bars. The height of each bar indicates the count of events. Peaks or valleys in the timeline can indicate spikes in activity or server downtime. Thus, the timeline highlights patterns of events or investigates peaks and lows in event activity. The timeline options are located above the timeline. You can zoom in, zoom out, and change the scale of the chart.
Fields sidebar: When you run a search, the fields discovered are listed next to your search results. You can select other fields to show in your events. Also, you can hide this sidebar and maximize the results area.
- Selected fields are set to be visible in your search results. By default, host, source, and sourcetype appear.
- Interesting fields are other fields that Splunk has extracted from your search results.
The Patterns tab simplifies event pattern detection. It displays a list of the most common patterns among the set of events returned by your search. Each of these patterns represents a number of events that all share a similar structure.
You can click on a pattern to:
- View the approximate number of events in your results that fit the pattern.
- See the search that returns events with this pattern.
- Save the pattern search as an event type, if it qualifies.
- Create an alert based on the pattern.
For more information, see Identify event patterns with the Patterns tab in the Splunk Enterprise Search Manual.
The Statistics tab populates when you run a search with transforming commands such as stats, top, chart, and so on. The results are displayed as a statistics table.
Transforming searches also populate the Visualization tab. The results area of the Visualizations tab includes a chart and the statistics table used to generated the chart.
You can change the type and Format of the visualization using the menus above the visualization chart area. You can choose from a variety of chart visualizations, such as column, line, area, scatter, and pie charts. The visualization type menu displays the name of the selected type.
When Recommended displays next to a chart type, it indicates the types that Splunk Enterprise suggests based on the transforming search that produced the results.
Help reading searches in Splunk Light
Use reports in Splunk Light
This documentation applies to the following versions of Splunk® Light: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6