All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Advance xml dashboard dispatches search *

pradeepkumarg
Influencer
‎07-19-2016 08:53 AM

We have been observing several searches runnning with the search string as "search *" and narrowed it down to be coming from an advance xml dashboard.

I've tried removing part by part of the dashboard and still see this remaining of the dashboard dispatching a "search *" for the selected time range. Looks like something is mis-configured here and I can not find what. Appreciate any insight any one has on this

<view autoCancelInterval="90" isPersistable="true" isSticky="true" isVisible="true" objectMode="viewconf" onunloadCancelJobs="true" refresh="-1" template="dashboard.html">
  <module name="AccountBar" layoutPanel="appHeader"/>
  <module name="AppBar" layoutPanel="navigationHeader"/>
  <module name="SideviewUtils" layoutPanel="appHeader"/>
  <module name="URLLoader" layoutPanel="viewHeader" autoRun="False">
    <module name="TimeRangePicker" autoRun="False">
      <param name="selected">last 4 hours</param> 
        <module name="Button">
          <param name="allowAutoSubmit">False</param>
          <param name="allowSoftSubmit">False</param>
          <param name="label">Submit</param>
          <module name="SearchControls" layoutPanel="mainSearchControls">
             <param name="sections">jobControls export info</param>
          </module>
        </module>
      </module>
   </module>
</view>
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎07-19-2016 09:14 AM

In the navigation bar, go to "Key Techniques > Overview of the Advanced XML". And if you don't have such a page it most likely means you're using the extremely old LGPL version of the app and you should upgrade right away. (The current version of the app is completely free for internal use and if you have any questions just let me know)

That page is quite long, but once you read it you'll understand why this page is dispatching a search * search. In short the SearchControls module requires there to be search results. After all note that it has jobControls and an export button. The Sideview UI framework is simply noticing this, and determining that since you haven't specified anywhere what search should run, that you want it to run search *.

Note: Arguably in this kind of case it should display a big red error message instead of quietly kicking off a search * search, and since there is a giant reboot of Sideview Utils coming this year, this improvement may well happen.

View solution in original post

Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎07-19-2016 09:14 AM

In the navigation bar, go to "Key Techniques > Overview of the Advanced XML". And if you don't have such a page it most likely means you're using the extremely old LGPL version of the app and you should upgrade right away. (The current version of the app is completely free for internal use and if you have any questions just let me know)

That page is quite long, but once you read it you'll understand why this page is dispatching a search * search. In short the SearchControls module requires there to be search results. After all note that it has jobControls and an export button. The Sideview UI framework is simply noticing this, and determining that since you haven't specified anywhere what search should run, that you want it to run search *.

Note: Arguably in this kind of case it should display a big red error message instead of quietly kicking off a search * search, and since there is a giant reboot of Sideview Utils coming this year, this improvement may well happen.

Reply
Solved! Jump to solution

pradeepkumarg
Influencer
‎07-19-2016 10:49 AM

Thanks Nick..

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...