Splunk Search

How to configure Chrome as a search engine for Splunk queries?

oxnard
Engager

Hi there,

I couldn't find this question already on here. Hopefully it's a simple one.

I use Splunk regularly in my work and often have to run a quick query.
I've configured Chrome so that I can quickly search from the omnibox/address bar by typing a shortcut, so that I can search other regularly used systems (like Jira).

Can Splunk do the same?
This is what I've tried:

Chrome > Settings > Manage Search Engins (alternatively, chrome://settings/searchEngines)

I then add a new Search engine with the following details:

Name "Splunk"
Keyword "s"
URL "http://splunk_vm_box:8000/en-US/app/search/search?q=search%20"

So, when I'm in the address bar/omnibox in Chrome I should be able to type "s" then press the space bar to initiate a Splunk query.
It doesn't seem to like this though.

I don't believe the issue is caused by user authentication - other systems I've configured in a similar way also require logging in.
Is my search URL incorrect?
I know splunk assigns an individual search ID to each query, but I figure this would happen AFTER I submit the query, not prior.

1 Solution

MuS
Legend

Hi oxnard,

Thanks for this question and nice hint using chrome like this!
I tried it myself and got it working, you missed one little thing 😉
You have to provide a %s somewhere in the URL so chrome will know where to place the search string.
Change your config to something like this:

Name "Splunk"
Keyword "s"
URL "http://splunk_vm_box:8000/en-US/app/search/search?q=search%20%s"

and it will work like a charm 🙂

hope this helps ...

cheers, MuS

View solution in original post

MuS
Legend

Hi oxnard,

Thanks for this question and nice hint using chrome like this!
I tried it myself and got it working, you missed one little thing 😉
You have to provide a %s somewhere in the URL so chrome will know where to place the search string.
Change your config to something like this:

Name "Splunk"
Keyword "s"
URL "http://splunk_vm_box:8000/en-US/app/search/search?q=search%20%s"

and it will work like a charm 🙂

hope this helps ...

cheers, MuS

BasiliusCarver
Explorer

Firefox can use keyword searches for this without the need for an extension.
FirefoxBookmarkConfig

Then you search by typing the keyword followed by the splunk search string:
FirefoxSearchSyntax

oxnard
Engager

Thanks MuS.
That works a treat!

0 Karma

pradeepkumarg
Influencer

Do we have a similar solution for firefox?

0 Karma

MuS
Legend

No, but may be this add-on for Firefox can help you https://addons.mozilla.org/en-US/firefox/addon/add-to-search-bar/
I did not test it, because I don't use Firefox 😉

pradeepkumarg
Influencer

Thanks so much.. That worked..

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...