Hi Team,

We have recently upgraded the Splunk to version 8.0 . So the dashboards and reports whichever created in Advanced XML is not working so re-creating it in Simple XML. Earlier we were using a view called Flashtimeline, which will show the normal events in a very organised and user understandable way. This view was created in Advanced XML. Below is a sample log event, which is displayed in the view called flashtimeline (This displayed when we just give "index=xx sourcetype=yy host=zz").

Host:	xxx	Service:	DATABASE
Has Details:	N	Is Sample:	N
Process Name:	yyy
Request Id:	zzz
Request:	{call sp_name('*')}
Start Timestamp:	2020-09-07 04:29:56.986	End Timestamp:	2020-09-07 04:29:57.242
 
Timing Details (Total Exec Time=256 ms)
Name	Time since beginning (ms)	Execution Time(ms)	% of Total Time
BEGIN	0	0	0
preExecution	0	0	0
prepareStatement	0	0	0
setParameters	0	0	0
executeQuery	0	251	98
handleExecution	251	5	1
END	256	0	0

 
This is a very neat, organised and easily understandable format of an event. 
Here is the actual display of the same event, when we try to search in the Search app with the same query "index=xx sourcetype=yy host=zz"

"2020-09-07 04:29:00.995","10.241.140.193","DATABASE","sp_name","2020-09-07 04:29:01.197","xxx","1","202","","BEGIN","1599452940995","preExecution","1599452940995","prepareStatement","1599452940995","setParameters","1599452940995","executeQuery","1599452940995","handleExecution","1599452940998","END","1599452941197","-","-1","-","-1","-","-1","yyy","-","zzz","N"," {CALL sp_name(?, ?, ?, ?)}","N"

 
I am aware the Flashtimeline was deprecated during the Splunk 6.x version itself and it was replaced with Search app.
But I would like to display the events in a neat and organised way (as like the first sample event) with Simple XML code.

Could anyone please help me on getting this as soon as possible.