Alerting

Is there an easy way to create a Report that is identical to an interesting field pop up window?

mninansplunk
Path Finder

Hello,

I need to create a report that is identical to the interesting field pop up window:

Top 10 Values  |  Count  |  %

Is there anyway to create a report directly from this pop up or see the search that is performed when looking at this popup?

Thank you for your help,

Tom

popup.JPG

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @mninansplunk,

I'm not sure to have completely understood you need!.

the Splunk GUI is done to navigate data, a report is a static view of your data: I usually use reports only when, for compliance reasons, I need to fix a situation in time (e.g. the users every month) and I have to demonstrate it to an auditor, but when I have to search something in data I don't like reports because they are static and not (or few) navigable.

This is a discussion that I always have with my customers when I start a Splunk project: Splunk gives a near real time view of data and it is unuseful to limit it in a report (except compliance obviously!)

Anyway you can use the top command to show your data in the same format of the interesting fields and you can save the search in a report i you like:

your_search
| top field

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...