From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
Join today to access over 25,300 courses taught by industry experts.
View search history - Splunk Tutorial
From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
View search history
Now, let's suppose that you ran some searches in your Splunk instance of deployment. It lasted 10 minutes. You never extended it by sharing it so that it goes to seven days, or after seven days, you never saved as a report. So it's no longer available in Splunk, but you wanted to get access to the query that you use for that search. was a very complex query and you thought it was going to take a long time for you to write it again. You can always go to the search history and view that information. So the search history contains a list of the most recently run ad hoc searches in your Splunk instance or deployment. Now you can actually do some things with the search history. You can use a filter here to find terms in previously run searches. We have been running searches with 0109 and so on. And let's suppose that after that, And there have been multiple days where you're running different searches and so on. And all of a sudden, you wanted that search that you were using for 01 or for…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
(Locked)
Module overview1m 41s
-
(Locked)
Overview of search and reporting app2m 56s
-
(Locked)
Search with keywords and phrases12m 27s
-
(Locked)
Use wildcards7m 56s
-
(Locked)
Use boolean operators10m 42s
-
(Locked)
Use search assistant18m 10s
-
(Locked)
Identify contents of search results11m 40s
-
(Locked)
Setting search time range23m 9s
-
(Locked)
Events timeline14m 30s
-
(Locked)
Manage search jobs21m 13s
-
(Locked)
View search history4m 34s
-
(Locked)
-
-
-
-
-
-