Search assistant help text

bmgilmore · ‎06-13-2012

Is there a supported way to edit/expand the "How to Search" text in the search bar assistant? Let me know, thanks,

ChrisG · ‎06-13-2012

This text is contained in searchbnf.conf. There is a searchbnf.conf in $SPLUNK_HOME/etc/system/default/. You should not modify it. If your application has its own custom python search commands, your application can include its own searchbnf.conf to describe the commands to the search assistant.

ChrisG · ‎06-20-2012

Sorry for the delayed follow-up, I was away for a few days. The strings you are looking for are contained in the messages.pot files in $SPLUNK_HOME/lib/python2.7/site-packages/splunk/appserver/mrsparkle/locale.

HOWEVER: it is not recommended that you modify this file. It will be overwritten whenever you upgrade, and modifying default Splunk files is not a good practice as a general rule. It can make it difficult for customer support to help you and can have unanticipated effects in your installation.

bmgilmore · ‎06-14-2012

Thanks, that is good to know, I am really looking for the following text:

How to Search
Step 1: Retrieve Events The simplest searches return events that match terms you type into the search bar:

etc...

I dont see this in searchbnf?

Let me know, thanks again!

Search assistant help text

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Starting With Observability: OpenTelemetry Best Practices

Streamline Data Ingestion With Deployment Server Essentials