Re: Does anyone already have a Formatter (User def...

koprai · ‎01-06-2015

Searched a bit, but could find anything. Does anyone already have a Formatter for Splunk search text or Splunk dashboard XMLs (that include prettying the embedded search elements). Ideal if it is pluggable with Notepad++ or Eclipse.

Even though I write the searchTemplate and searchPostProcesses with proper indentation and line breaks on the dashboard XML, when I explore the search via the panel, the search indentations get lost. Indentations also get lost if dashboard.xml gets overwritten as a result of panel edits. Without indentation and formatting, it is very difficult to understand complicated queries.

A formatter that does indentation and line-breaks based on “|” and “[“ and “]” would be great. I know it is possible to define User Defined Language formatter in notepad++ and Eclipse. I wanted to know if someone already has it or if there is a Splunk Formatted App.. IMO native search text formatting should be a feature request for Splunk (both in dashboard XMLs and in search box)

mew1033 · ‎11-28-2016

I found one here: http://www.bbosearch.com/pretty
I'd really like to turn it into a sublime plugin or something...

MuS · ‎01-06-2015

not an real answer to your question but nice anyways https://github.com/yorokobi/vim-splunk

Does anyone already have a Formatter (User defined language) for Splunk search text or dashboard XMLs on Eclipse or Notepad++?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation