Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Making Saved Searches Searchable

tkwaller
Builder
‎05-01-2014 08:45 AM

Hello

This may be a dumb question but I have a large list of saved searches that I am organizing in navigation menus. There are some that support uses that are already created but after organizing them, when you select one to open, it opens to results but the search bar is not available to edit the search.

What I would like to do is have saved searches and when support selects one to open, from the lists/nested lists I created for them, it opens and allows them to enter needed data. For example I saved a very basic search, (index=tt brokerId= listingId=), they can select it from the dropdown list I organized it into. Once it opens they could be able to enter the value for "brokerId" as well as "listingId" without extra typing or clicks.

Any ideas on how I could accomplish this or what I am doing incorrectly?
Thank you in advance!

0 Karma
Reply

lguinn2
Legend
‎05-01-2014 11:51 AM

I would consider using forms for this purpose.

Form Examples

Macros would also be a possibility, but forms are easier to use.

0 Karma
Reply

tkwaller
Builder
‎05-02-2014 05:12 AM

I understand that I could use a form but it wouldn't make much sense to create one for every search that support may use, there could be more than 100. I can organize saved searches into navigation menus using match commands, you can select and run those searches from the navigation menus, but when you do there is no way to edit the search from there. Is there a way that this can be accomplished? It would be much simpler if they could save theyre own searches, the navigation menus organize them, and all they have to do is select the search they want to run, change a little data and its done.

0 Karma
Reply

lguinn2
Legend
‎05-01-2014 11:48 AM

What version of Splunk?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...