Splunk Search

How to manage Searches & Reports in 6.2.0

ufotech
Explorer

In 4.3 SPLUNK we had a niche drop-down menu with our saved searches properly grouped.
Therefore we would define collections in default.xml like:

<collection label="Searches &amp; Reports">
    <collection label="FIX">
      <saved source="unclassified" match="FIX" />
    </collection>
</collection>

It appears that in 6.2.0 all of this has gone. The default.xml is basically empty.

What is the concept now of grouping searches and displaying them in a drop-down menu as opposed to having to switch to the reports page?

Thanks

1 Solution

chimell
Motivator
Try it like this:
If you want to create, for example, 5 views (reports), you must write 5 queries and use each of them in its own view using XML code. See link: http://student04:8000/en-US/manager/my_app_name/data/ui/views. This is an example of report XML code:

    <dashboard>
      <label>the label of your report</label>
      <row>
        <panel>
          <title>title of your first panel</title>
          <!-- the search settings belong inside a visualization element such as <table> -->
          <table>
            <searchString>enter your search code</searchString>
            <earliestTime>enter your earliest time, e.g. -60m@m</earliestTime>
            <latestTime>enter your latest time</latestTime>
          </table>
        </panel>
      </row>
    </dashboard>

Save it as report1, for example.

After creating all your view reports, go to http://student04:8000/en-US/manager/my_app_name/data/ui/nav/default and write this code:

    <nav search_view="my_app_name" color="#993300">
      <view name="search" default='true' />
      <collection label="my reports">
        <view name="report1"/>
        <view name="report2"/>
        <!-- …………… -->
      </collection>
    </nav>

After doing this you should see the drop-down menu of your reports in the interface of your application.


chimell
Motivator

Thanks for the accepted answer.

0 Karma

chimell
Motivator

Now I need you to vote for me.

0 Karma

ufotech
Explorer

Ok. I found that copying the content into default.xml produces the required result.
It still works in 6.2.0 just the same.
Only the settings were lost in the two-step migration 4.3 - 6.0 - 6.2

0 Karma
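
A check for the situation in this thread, where navigation settings were lost during a migration (added example, not posted by anyone in the thread): it confirms that an XML file is well-formed and that every view named in the nav file still exists. The function names, the sample nav file and the set of existing view names are constructed for illustration; in practice the set would hold the view names listed under data/ui/views for the app.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a nav file combining both collection styles from the thread.
SAMPLE_NAV = """\
<nav search_view="search" color="#993300">
  <view name="search" default="true" />
  <collection label="my reports">
    <view name="report1" />
    <view name="report2" />
  </collection>
  <collection label="Searches &amp; Reports">
    <collection label="FIX">
      <saved source="unclassified" match="FIX" />
    </collection>
  </collection>
</nav>
"""

# Constructed sample: a view whose <earliestTime> is opened twice and never closed.
BROKEN_VIEW = ("<dashboard><label>r</label>"
               "<earliestTime>-60m@m<earliestTime></dashboard>")


def xml_error(text):
    """Return None if text is well-formed XML, otherwise the parser message."""
    try:
        ET.fromstring(text)
        return None
    except ET.ParseError as exc:
        return str(exc)


def check_nav(nav_text, existing_views):
    """Summarise a nav file and list the views it references that do not exist."""
    root = ET.fromstring(nav_text)
    if root.tag != "nav":
        raise ValueError("root element must be <nav>, got <%s>" % root.tag)
    views = [v.get("name") for v in root.iter("view") if v.get("name")]
    return {
        # Views named in the menu that are not among the app's views.
        "missing_views": sorted(set(views) - set(existing_views)),
        # Views flagged as the landing page; exactly one is expected.
        "default_views": [v.get("name") for v in root.iter("view")
                          if v.get("default") == "true"],
        # <saved> matchers that pull saved searches into a collection by name.
        "saved_matchers": [(s.get("source"), s.get("match"))
                           for s in root.iter("saved") if s.get("match")],
        # Collection labels in document order (these become the drop-down menus).
        "collections": [c.get("label") for c in root.iter("collection")],
    }
```

Running `check_nav` against the nav file before and after an upgrade shows whether collections or `<saved>` matchers disappeared along the way.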