I have created a dashboard with only a custom search app, using JavaScript and Simple XML code, in Splunk version 8. Here is the reference - post.
I have two issues with my custom search app.
1. Issue with Smart mode:
- When a search query is entered and the search bar returns the results, it provides the results in "Smart mode".
- In this mode, the raw event log is not displayed; instead, the fields and values in each raw event are displayed in table format, even for a very simple query like
index=main source=abc sourcetype=xyz
- If I switch to Fast mode manually, then I get the raw events, but they are not readable. To view a complete log event, I need to scroll right to the end.
- It would be good if the raw event were wrapped to the screen size and easily readable (as in the normal Search app).
2. Issue with the option "Event Actions"
- In the search app, when we get results for a query, we can see a small dropdown attached to each event result.
- The dropdown shows options like Extract fields, Show source, Event type, etc.
- The dropdown also shows field-values like host, source, sourcetype and index.
- These options are missing in my custom search app results.
These two issues need a fix as soon as possible, so that I can make my custom search app provide results similar to the built-in search app.
Could anyone please help me fix this issue as soon as possible?