Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to include an app name as a part of the search query?

nibinabr
Communicator
‎01-27-2015 12:03 PM

Is there a way by which I can get the app name as the part of the search query. Something like

index=myindex | eval my_app_name=$app_name$|

So if I'm executing the query above in the search and reporting app, my_app_name should be searched.

Thanks

Tags (4)
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎01-27-2015 03:00 PM

You could do this:

  index=myindex | eval [rest /services/search/jobs splunk_server=local | addinfo | where sid = info_sid | rename eai:acl.app as my_app_name | return my_app_name]

View solution in original post

Reply
Solved! Jump to solution

sloshburch
Ultra Champion
‎11-18-2016 07:39 AM

I just discovered that, starting with 6.5.0, there's some sweet new global tokens!

One of which is $env:app$

http://docs.splunk.com/Documentation/Splunk/6.5.1/Viz/tokens#Use_global_tokens_to_access_environment...

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎01-27-2015 03:00 PM

You could do this:

  index=myindex | eval [rest /services/search/jobs splunk_server=local | addinfo | where sid = info_sid | rename eai:acl.app as my_app_name | return my_app_name]
Reply
Solved! Jump to solution

Dawson014
Path Finder
‎05-31-2018 04:47 AM

Thanks! Just what I needed!

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎01-28-2015 09:27 AM

No luck with relative URLs?

0 Karma
Reply
Solved! Jump to solution

nibinabr
Communicator
‎01-28-2015 09:21 AM

I'm trying to build a dashboard that performs some operations on the URL en-US/app/app_name/ and I want this dashboard to work on all the apps without trying to change the app name.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎01-28-2015 08:55 AM

I'm with @alacercogitatus though, curious what you're trying to achieve here.

0 Karma
Reply
Solved! Jump to solution

nibinabr
Communicator
‎01-28-2015 06:31 AM

Exactly what I was looking for.
Thanks

0 Karma
Reply
Solved! Jump to solution

alacercogitatus
SplunkTrust
SplunkTrust
‎01-27-2015 12:38 PM

What are you trying to achieve here? Why would you want the app name in the search query?

0 Karma
Reply
Solved! Jump to solution

rharrisssi
Path Finder
‎06-12-2018 09:24 AM

What are you trying to achieve with that question? It's passive aggressive and unhelpful.

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...