Throughout my time using Splunk, I have created some crazy long searches! And have spent more than my fair share of time looking for problems when those searches have gone wrong! Increasing my rate of hair loss whilst trying to find that typo in a field name. Which is why I thought I would create an app that would make Splunk do most of the work.
The app is entitled SPL Rehab and is now free to download on Splunkbase (here). Whilst it was originally designed to work as a debug tool that would let you step through your searches in a similar way a developer steps through breakpoints in code. It has morphed into a tool that will help you make sense of some of the information that appears in the job inspector and will even flag any specific lines within your search that result in 0 results... whilst at the same time retaining that core goal of producing a UI which allows you to step through your search and view the subsequent results.
BONUS NEW THINGS 🎉
And as a bonus feature, the dashboards now include custom theming, allowing individual users to select one of 5 coloured themes which will then be saved as a preference against their account for future visits! 49ers fans in particular may wish to take a peak at this!
LIVE DEMO! 💬
If you would like more information, I will be running a live demo of the app at this months upcoming Yorkshire Splunk User Group virtual session (Sign up here!). There's also a recorded conf session from 2019 (here)
If you have used the app and have some suggestions that would make it even more useful for you. Please leave a comment below, or get in touch via the contact developer section in Splunkbase!