Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- how to clone a search window
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
say i've got an interesting search going; it's yielding some pretty good values, but i think i might want to tweak it.
what i'd really like to do is just clone the whole splunk window, and modify the clone.
what i actually have done is written a little bash script to convert a search line into a URL - i copy my search term into the system clipboard, pipe it through my bash script, then paste the results into the URL bar in a new browser window.
it would be awesome if splunk had a button to do this for me, preserving the timerange from the original window.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can see the benefits of that, although in Chrome you can already right click and duplicate a tab. Though this won't preserve any results that Splunk might have already fetched it will preserve the search and time range.
Also you could always create it as a saved search and run that from the search window and just modify/clone it via the saved searches screen.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can see the benefits of that, although in Chrome you can already right click and duplicate a tab. Though this won't preserve any results that Splunk might have already fetched it will preserve the search and time range.
Also you could always create it as a saved search and run that from the search window and just modify/clone it via the saved searches screen.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks Drainy!
oh interesting - w/ splunk 4.3 it looks like the URL keeps up-to-date with the search you're working on, so just copying the URL is sufficient. that's great. previously that wasn't the case.
saving a search and editing it technically works, but practically has a couple issues: 1) it takes a lot of time to do. 2) it pollutes your saved-search space.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
