Splunk Enterprise 6.6 New Features – Part II

/in /by

In part 1 of our series into the new features of Splunk Enterprise 6.6, we looked at Splunk Knowledge Object management. In part 2, we will explore new features within the enhanced search editor, such as line-numbering, syntax highlighting and macro expansions.

Enhanced Search Editor – Line Numbering and Syntax Highlighting

The two features I’ll expand in this section on are line-numbering and syntax-highlighting. Not only do they add visual appeal by giving the user a theme choice, but they also allow you to write queries on an enhanced search editor. You can activate these features by going to your user account settings. Under the ‘Search’ options select Dark Theme for ‘Syntax highlighting’ and set ‘Show line numbers’ to On.

syntax highlighting

After selecting dark-themed highlighting and activating line-numbering, my Splunk search bar now has a black background with line numbering, making it easier to find or edit lines of code.

splunk 6.6 search bar

The line numbering allows you to review commands and adds clarity to functions for the user. This would be an invaluable tool when comparing searches or troubleshooting. For comparison, here is a view of the Splunk 6.5 Search Bar, without the syntax highlighting or line numbering.

splunk 6.5 search bar

Enhanced Search Editor – Macro Expansion

In Splunk 6.5 and earlier versions, to view the complete search commands executed by a macro, you either navigated to Advanced Search > Search Macros or searched for the macro string via job inspector.  However, in Splunk 6.6, the enhanced search editor allows you to expand your macros to display the search string in a pop-up. Understanding how your macros work when writing search queries can save time, and has been given a keyboard shortcut to access easily.

In the Splunk 6.6 Search bar, useCTRL+SHIFT+E”  for Windows or “CMD+SHIFT+E” for Macs, to display a pop-up of your macro. This is illustrated in the graphic below.

macro expansion

Looking to expedite your success with Splunk? Click here to view our Splunk service offerings.

© Discovered Intelligence Inc., 2017. Unauthorised use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.

You might also like
What’s New In Config Quest 3.0
Deployment Server Clustering – An Easier Way to Manage Splunk Forwarders
Get Excited About The Splunk Cloud ACS CLI
Creating an IoT Fleet Management Solution using Splunk
Splunk Enterprise 6.6 New Features – Part III
splunk attack rangeSave Time and Improve your Security Posture with Splunk Attack Range
Simplifying SPL: A Beginner’s Guide to the Splunk AI Assistant
Homepage for Splunk – Our New App!