Skip to main content
Registration for .conf24 is open! Join us June 11-14 in Las Vegas.
 
 
 
Splunk Lantern

Searching and filtering on Splunk RUM data

 

Filtering your data by tags helps you refine the scope of your search results and glean meaningful insights. In Splunk RUM, you can filter both indexed and unindexed tags by two operators: = and !=.

Understand the results of your search

These two examples explain how search results differ depending on the combination of filters you select.

Apply multiple filters under the same operator

You can apply multiple filters under the same operator. For example, this image shows how to select multiple browser types. The results from this search include metrics, events, or sessions originating from Chrome, Electron, Firefox, or Safari.

This shows how to apply multiple filters under the same = sign operator.

Apply separate filters

Suppose you want to monitor the checkout latency of your site on Chrome. If you apply these filters, then the results of the search include metrics, events, or sessions from the custom event Checkout that occurred on a Chrome browser.

This shows how to select two different filters, in this case Browser=Chrome and Custom Event Name = Checkout.

Search for global attributes

Global attributes are key-value pairs added to all reported data. Global attributes are useful for reporting app or user-specific values as tags. You can create global attributes either at the time of library initialization, or afterwards. Span attributes are custom attributes that you can add to specific spans. Custom events capture logic for a specific workflow you define, for example a checkout workflow. For more, see Create custom events.

To search for global attributes, type the tag and value into the filter bar like in the following image:

This shows how to search for a global attribute. in this case enduser.id=123.

Global attributes examples

Suppose you want to identify users, you can add global attributes enduser.id and enduser.role.

For steps on how to add instrumentation to identify users, see:

You might also consider adding:

  • environment
  • app.version
  • enduser.id