Splunk Search

Splunk search interface for non-technical users?

yoyu777
Explorer

Hi,

This question may be a bit unusual. While I know SPL is already kind of "simple" enough to get the hang of for most technical users, we are challenged to find a software/service that allows even the least technical users to comfortably create some filters and fire some searches; ideally it should also be able to integrate with Splunk.

"Pivot" does not fit the purpose as it is mainly a visualisation tool rather than search tool.

Has anyone come across things like this before?


gcusello
SplunkTrust

Hi yoyu777,
we gave users that don't know Splunk a simple interface, for developers who need to see debugging logs during development.
We created a search perimeter (host, source, and other fields) in a lookup, and we created some filters in the dashboard using the lookup fields so the user can filter logs.

In other words, users choose search parameters, and using the perimeter lookup we create a search containing the main information: index, sourcetype, source, host.
In addition, the user has a free text input to add words to search for.

As results, we display the timestamp and part of the raw event (first 200 chars) for a list of events; if the interesting event is larger than 200 chars, clicking on the event displays the full event in another panel of the dashboard.

Bye.
Giuseppe

yoyu777
Explorer

Thanks Giuseppe.

So just to validate my understanding, you created your own app and did some customisation so non-technical users can create filters by clicking the mouse? Did you just use the out-of-the-box interface, or did you use HTML and JavaScript, or SplunkJS?


gcusello
SplunkTrust

No, we have a lookup that holds all the information about the search perimeter:

  • perimeter
  • name
  • environment (Production or Qualification)
  • hostname
  • IP
  • Log Type (Application or System)
  • source

Users can choose all the above parameters in a dashboard; in this way we can identify:

  • index
  • sourcetype
  • source
  • host

and show the user all the events that match the filters.
The only additional choice is a full text search input.

We did all with standard Splunk interface, without additional components.

The main job is to design the perimeter, but we usually already have it because the targets are development logs, so we can easily delimit our perimeter.

Bye.
Giuseppe

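The approach Giuseppe describes (lookup-driven dropdowns that resolve to index/sourcetype/source/host, a free text input, a 200-character preview and a full-event panel on click) can be built entirely in Simple XML. The dashboard below is an added illustration, not gcusello's own dashboard; it assumes a lookup named search_perimeter.csv with the columns from his list plus the index, sourcetype, source and host columns the perimeter resolves to (sample rows are constructed in the XML comment).

```xml
<form version="1.1">
  <label>Log search for non-technical users (added example)</label>
  <!-- Assumed lookup search_perimeter.csv; constructed sample rows, not the poster's data:
       perimeter,name,environment,hostname,ip,log_type,index,sourcetype,source,host
       payments,pay-api,Production,pay01,10.0.0.11,Application,app_prod,pay:api,/var/log/pay/api.log,pay01
       payments,pay-api,Qualification,pay01q,10.0.1.11,Application,app_qual,pay:api,/var/log/pay/api.log,pay01q
       payments,pay-api,Qualification,pay01q,10.0.1.11,System,os_qual,syslog,/var/log/messages,pay01q -->
  <fieldset submitButton="true">
    <input type="time" token="tr">
      <label>Time range</label>
      <default><earliest>-24h@h</earliest><latest>now</latest></default>
    </input>
    <!-- Dropdowns are populated from the lookup, so users only ever pick values inside the perimeter -->
    <input type="dropdown" token="env" searchWhenChanged="true">
      <label>Environment</label>
      <choice value="*">All</choice>
      <default>*</default>
      <search>
        <query>| inputlookup search_perimeter.csv | stats count by environment | fields environment</query>
      </search>
      <fieldForLabel>environment</fieldForLabel>
      <fieldForValue>environment</fieldForValue>
    </input>
    <input type="dropdown" token="log_type" searchWhenChanged="true">
      <label>Log type</label>
      <choice value="*">All</choice>
      <default>*</default>
      <search>
        <query>| inputlookup search_perimeter.csv | stats count by log_type | fields log_type</query>
      </search>
      <fieldForLabel>log_type</fieldForLabel>
      <fieldForValue>log_type</fieldForValue>
    </input>
    <!-- Hostname list narrows to the chosen environment; $env|s$ quotes the value as a string literal -->
    <input type="dropdown" token="hostname" searchWhenChanged="true">
      <label>Host</label>
      <choice value="*">All</choice>
      <default>*</default>
      <search>
        <query>| inputlookup search_perimeter.csv | search environment=$env|s$ | stats count by hostname | fields hostname</query>
      </search>
      <fieldForLabel>hostname</fieldForLabel>
      <fieldForValue>hostname</fieldForValue>
    </input>
    <input type="text" token="free_text">
      <label>Words to search (wildcards allowed)</label>
      <default>*</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Matching events (first 200 characters)</title>
      <table>
        <search>
          <!-- The subsearch turns matching perimeter rows into (index=... AND sourcetype=... AND source=... AND host=...) OR ...;
               the free text is inserted with |s so it is always a quoted term, never extra SPL -->
          <query>
search [| inputlookup search_perimeter.csv
         | search environment=$env|s$ log_type=$log_type|s$ hostname=$hostname|s$
         | fields index sourcetype source host
         | format] $free_text|s$
| eval raw_short=substr(_raw, 1, 200)
| table _time raw_short _raw
          </query>
          <earliest>$tr.earliest$</earliest>
          <latest>$tr.latest$</latest>
        </search>
        <!-- _raw stays in the result rows for the drilldown token but is not shown as a column -->
        <fields>["_time","raw_short"]</fields>
        <option name="count">50</option>
        <drilldown>
          <set token="selected_raw">$row._raw$</set>
        </drilldown>
      </table>
    </panel>
  </row>
  <!-- Second panel only appears once a row has been clicked; |h HTML-escapes the log content before rendering -->
  <row depends="$selected_raw$">
    <panel>
      <title>Full event</title>
      <html>
        <pre>$selected_raw|h$</pre>
      </html>
    </panel>
  </row>
</form>
```

Two details matter for a dashboard that hands free text to untrained users. The `|s` token filter wraps the value in double quotes and escapes embedded quotes, so whatever is typed becomes a search term rather than additional SPL (a bare `$free_text$` would let a pipe in the input append commands to the query). The `|h` filter escapes the raw event before it is rendered in the HTML panel, so log lines containing markup are displayed, not interpreted. The perimeter lookup is a convenience filter, not an access control: the users' roles should still restrict which indexes they can search, since anyone with the search role can run searches outside the dashboard.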

worshamn
Contributor

What about trying the tables option from the Datasets Add-on (https://splunkbase.splunk.com/app/3245/)? This lets users work with an Excel-like interface and there is an option on the side to see the SPL it creates. Once you install the app and go to the "Datasets" tab, click on "Create New Table Dataset" to be walked through creating a table to work with.
