![]() See Use the TERM directive to match terms that contain minor breakers. For more information about how Splunk software breaks events up into searchable segments, see About segmentation in Getting Data In. When you use the TERM directive, the Splunk software expects to see the term you specify as a token in the lexicon in the. This is discussed in the following examples. For example, you cannot use TERM to search for Maria Dubois because there is a space between the names. The TERM directive only works for terms that are bounded by major or minor breakers, but the term you are searching for cannot contain major breakers. If you specify TERM(127.0.0.1), the search treats the IP address as a single term, instead of individual numbers, and returns all events that contain the IP address 127.0.0.1. If you search for the IP address 127.0.0.1, Splunk software searches for 127 AND 0 AND 1 and returns events that contain those numbers anywhere in the event. For example, the IP address 127.0.0.1 contains the period (. Use the TERM directive to ignore the minor breakers and match whatever is inside the parentheses as a single term. When data is indexed, characters such as periods and underscores are recognized as minor breakers between terms. That is the reason for the difference you are seeing. ![]() stats returns all data on the specified fields regardless of acceleration/indexing.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |