Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to search in default indexes (not only one) in one app without providing the index.

zugji
Path Finder
‎04-13-2017 07:07 AM

Hello folks

There is a way to configure which indexes belongs which splunk app. Is there also a way to configure in app to tell splunk per default which indexes to search through.
Let's say I have three indexes called: ix1, ix2, ix3

If I go to the searchbar of this app I would like that splunk is adding a base search: index=ix1 OR index=ix2 OR index=ix3 <rest_of_the_search_provided_by_the_user> that I don't have to enter everytime all indexes.

Thanks for your advise.

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎04-13-2017 09:39 AM

Short answer : No.
The index access is controlled by the roles, not by the apps.

You can use a macros specific to the app to prefill your base search, but you will have to find a way to call that macro.
You may want to piggy back on this question for way to script that :
https://answers.splunk.com/answers/521009/in-a-custom-app-dashboard-is-it-possible-to-have-a.html

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-14-2017 12:26 AM

I usually create an eventtype with all indexes and I use it in every search, so in this way I can add or delete an index from my search without modifying all dashboards.
Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...