Solved: How to create a search template (macro) using Splu...

neermine · ‎08-17-2018

Hi

I need to create a search template using Splunk so I want to know what are the steps that I have to follow? must I create an app? are there any easy ways without using XML?

Ayn · ‎08-17-2018

What you describe sounds like a macro. https://docs.splunk.com/Documentation/Splunk/7.1.2/Knowledge/Usesearchmacros

View solution in original post

Ayn · ‎08-17-2018

What you describe sounds like a macro. https://docs.splunk.com/Documentation/Splunk/7.1.2/Knowledge/Usesearchmacros

richgalloway · ‎08-17-2018

What do you mean by a "search template"? What do you plan to do with it?

---
If this reply helps you, Karma would be appreciated.

neermine · ‎08-17-2018

it's simple i have this command "..|table date time app ipsrc ipdst..... " i want to create a temple that make me use it without writing it over and over again with every file that i open with splunk

richgalloway · ‎08-17-2018

That would be a macro. Search macros are parameterized chunks of a search that you can reuse in saved and ad-hoc searches. Search macros can be any part of a search, such as an eval statement or search term, and do not need to be a complete command. You can also specify whether or not the macro field takes any arguments.

Go to Settings->Advanced Search->Search macros->New to create a macro.
Invoke the macro in your search by enclosing the name in backticks.

See Create and use search macros - from the Splunk documentation

---
If this reply helps you, Karma would be appreciated.

neermine · ‎08-17-2018

thank you 😄

How to create a search template (macro) using Splunk?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation