Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Change click behavior in Search in 4.1.2
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any idea how to change the 'click to search' behavior in 4.1.2? Specifically I want to disable the feature that allows a user to click on text in the search result (automatically adding that text to the query & running the new search). I know in 3.4 it was possible (see www.splunk.com/base/documentation/3.4/user/changesplunkwebpreferences) but I can't find the equivalent configuration option in 4.1.2. Is it changeable? If so, can it be done on an individual user basis? Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes it is changeable. You can modify the default search screen by editing the view $SPLUNK_HOME/etc/apps/search/default/data/ui/views/flashtimeline.xml.
(Or better copy the flashtimeline.xml to $SPLUNK_HOME/etc/apps/search/local/data/ui/views/ and edit it there)
Look for the EventsViewer module and change its parameters.
<module name="EventsViewer" layoutPanel="resultsAreaLeft">
<param name="segmentation">full</param>
<param name="reportFieldLink">report_builder_format_report</param>
<param name="enableBehavior">False</param>
<param name="enableTermSelection">False</param>
</module>
(I've added the enableBehavior and enableTermSelection parameters)
To get a list of all supported parameters for the EventsViewer module, you can take a look at the documentation in your Splunk instance at http://<yoursplunkserver>:8000/modules.
To get different search views for different users, you will probably need to either build a separate search view or a separate app. But its doable.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes it is changeable. You can modify the default search screen by editing the view $SPLUNK_HOME/etc/apps/search/default/data/ui/views/flashtimeline.xml.
(Or better copy the flashtimeline.xml to $SPLUNK_HOME/etc/apps/search/local/data/ui/views/ and edit it there)
Look for the EventsViewer module and change its parameters.
<module name="EventsViewer" layoutPanel="resultsAreaLeft">
<param name="segmentation">full</param>
<param name="reportFieldLink">report_builder_format_report</param>
<param name="enableBehavior">False</param>
<param name="enableTermSelection">False</param>
</module>
(I've added the enableBehavior and enableTermSelection parameters)
To get a list of all supported parameters for the EventsViewer module, you can take a look at the documentation in your Splunk instance at http://<yoursplunkserver>:8000/modules.
To get different search views for different users, you will probably need to either build a separate search view or a separate app. But its doable.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any updates to this for SimpleXML or HTML/JS Splunk 6.X?
Building Reliable Asset and Identity Frameworks in Splunk ES
Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting
Automatic Discovery Part 3: Practical Use Cases
