Splunk Search

centralize search queries with links

at1ll3y
New Member

Hello community,

I'm currently building an application for a customer. Since the needs of the customer are steadily changing, I have to redefine the search queries from time to time. I'm using the same queries in Reports, Dashboards and Alerts and have to make my changes in those three places.
1. Is there any possibility to save a Search Query in one place (i.e. a String variable) and call it wherever it's needed (in Alerts, Reports and Dashboards)?
2. Is it furthermore possible to manage Dashboard tokens with this central saved Search query?

Thanks!

0 Karma

renjith_nair
SplunkTrust

Hi @at1ll3y,
Have you tried saved searches?

Happy Splunking!
0 Karma
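
An added example, not part of the reply above: one base saved search in `savedsearches.conf` that a report and an alert both call through the `savedsearch` command, so the query text lives in a single stanza. The stanza names, index, sourcetype, field names and the `$host$` placeholder are hypothetical.

```ini
# savedsearches.conf (constructed example; all names and thresholds are hypothetical)

# The only place the query text is maintained.
# $host$ is a replacement placeholder filled in by the caller.
[base_failed_logins]
search = index=app_logs sourcetype=auth action=failure host=$host$ | stats count by user, src

# Report: reuses the base query unchanged for all hosts.
[Report - Failed Logins]
search = | savedsearch base_failed_logins host="*"
dispatch.earliest_time = -24h
dispatch.latest_time = now

# Alert: reuses the same base query and adds only its own threshold.
[Alert - Failed Logins Spike]
search = | savedsearch base_failed_logins host="*" | where count > 20
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
```

A dashboard panel can use the same base search with a query such as `| savedsearch base_failed_logins host="$host_tok$"`, where `host_tok` is an assumed dashboard input token whose value is passed into the `$host$` placeholder.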