Dashboards & Visualizations

How to setup the custom search app in simple XML code to provide results

akarivaratharaj
Communicator

I have created a dashboard, only with custom search app with Java scripts in Splunk version 8 with simple xml code. Here is the reference - post.

I have two issues with my custom search app.

1. Issue with Smart mode:
- When the search query is entered and search bar return the results, it provides the result in "Smart mode".
- In this mode, the raw event log is not displayed, instead of that, the fields and the values in each raw event are displayed as table format even for a very simple query like

 

index=main source=abc sourcetype=xyz

 


- If I switch to Fast mode manually, then I get the raw events but it's not readable. To view a complete log event, I need to scroll to right till the end.
- It will be good if the raw event is wrapped together to the screen size and easily readable (as like normal Search app).

2. Issue with the option "Event Actions"
- In the search app, when we get results for a query, we can see a small dropdown attached to each event results.
- The dropdown shows the options like Extract fields, show source, Event type, etc.,
- The dropdown also shows the field-value like host, source, sourcetype and index
- These options are missing in my custom search app results.

These two issues need fix as soon as possible, so that I can make my custom search app provide results similar to the inbuilt search app.

Could anyone please help me on fixing this issue as soon as possible

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...