Is there an easy way to create a Report that is id...

mninansplunk · ‎08-19-2021

Hello,

I need to create a report that is identical to the interesting field pop up window:

Top 10 Values | Count | %

Is there anyway to create a report directly from this pop up or see the search that is performed when looking at this popup?

Thank you for your help,

Tom

gcusello · ‎08-19-2021

Hi @mninansplunk,

I'm not sure to have completely understood you need!.

the Splunk GUI is done to navigate data, a report is a static view of your data: I usually use reports only when, for compliance reasons, I need to fix a situation in time (e.g. the users every month) and I have to demonstrate it to an auditor, but when I have to search something in data I don't like reports because they are static and not (or few) navigable.

This is a discussion that I always have with my customers when I start a Splunk project: Splunk gives a near real time view of data and it is unuseful to limit it in a report (except compliance obviously!)

Anyway you can use the top command to show your data in the same format of the interesting fields and you can save the search in a report i you like:

your_search
| top field

Ciao.

Giuseppe

Is there an easy way to create a Report that is identical to an interesting field pop up window?

other

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life