Is there an established naming convention for saved reports, searches, events and suchlike in Splunk?
If not, does anyone have any suggestions based on successful usage?
Since this was one of the first answers on a Google Search, I figured I'd add this: https://docs.splunk.com/Documentation/CoE/current/Handbook/Naming
Not sure if there is a Splunk standard, but it does make it nice to come up with a standard naming convention to organize your searches.
For example I begin some of my search names with audit (ex: audit_fails, audit_successful). Then under my app I go into manager - user interface - navigation menus - default and added the following under
So any time I create a search with the word audit it automaticly gets placed in the searches menu . I have another for my Database searches that I start with db_ (ex db_group1, db_group2) so it can get organized in a menu just for them so I am not scrolling through my other search to find them.
Some good reading would be: http://www.splunk.com/base/Documentation/4.2/Developer/Step6BuildNavigation
This one talks about the helpfulness of naming conventions: http://www.splunk.com/base/Documentation/4.2/Knowledge/Developnamingconventionsforknowledgeobjecttit...
Hope this helps
Travis.