Share/Print/Export Output: The output of the search query can be shared, printed, or exported as a CSV file.
Delete/Inspect Jobs:
* A query that has run can be inspected to see which step is taking the most time to execute.
* You can also delete past queries to free your allotted space and enhance performance.
Search modes:
There are 3 search modes in Splunk:
* Fast Mode: Prioritizes the performance of the search and doesn't return any nonessential field or event data. It disables field discovery, which Splunk uses to extract fields apart from metadata.
* Verbose Mode: Returns all the field and event data possible, no matter how long the search takes to complete. Field discovery is enabled, which means all fields are extracted, including default fields, automatic search-time extractions, and user-defined index-time and search-time extractions.
* Smart Mode: Every report runs in this mode after it is created. It is designed to return the best results for whatever search you are running, and it toggles between Fast and Verbose depending on the nature of the query.