Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Knowledge Object Reporting

sh1pit76
Explorer
‎01-09-2020 08:20 AM

This might be an easy question for some of you splunk ninjas out there. I'm trying to create a report to show all our instances saved searches with their descriptions and search syntax, listed by app. However, due to the inconsistencies between the lines required to show the title, description, and search syntax of each search, they don't line up with one another in the final report. Is there a way to display this info in such a way that it's still broken down by App, but with the title, description, and search info aligned with each title in the results?

This is the synax I'm using:

| union maxtime=300 timeout=300
[| rest splunk_server="local" "/servicesNS/-/-/saved/searches"
| eval type="Saved Searches/Alerts/Reports"]
| stats list(title) as Title, list(description) as Description, list(search) as Search by eai:acl.app
| rename eai:acl.app as App

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎01-09-2020 02:10 PM

You can do a stats by app title, giving you one line per search but still a grouping by app first. This will ensure that even very long titles or descriptions don't mess up your alignment.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

To help practitioners build a stronger foundation, we launched the Data Management & Federation ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...