I have a requirement to identify all unique log patterns from splunk. I can get it on Patterns on pattern tab on splunk UI, but want to get it programmatically.
I can get search results using splunk sdk, not able to find unique log patterns.
Asked
Active
Viewed 233 times
1 Answers
0
When you click on patterns, it does a cluster command. In fact, you can see the cluster command by looking in the activity drop down at jobs that you ran.
It uses loadjob on the search you just ran, and adds this:
| cluster t=0.9 labelonly=true labelfield=_patterns match=termset
| findkeywords labelfield=_patterns dedup=true
So this is just a regular search, and then using cluster.
Larry Shatzer
- 3,579
- 8
- 29
- 36