Splunk Search

"New Search" function of Table view misses Index

testuser013
New Member

Hello,

Today I found a bug(?) in the "New Search" function from the Table view.

What I mean by the "New Search" function:

Run a search and select the table view (not raw or list). Then click on one of the shown values of a field, for example the value of a host field, and select "New Search".

Now a new search starts with the selected field+value, but instead of using the same index(es) from the view before, only a * will be used.

As we have not defined any default indexes in our environment, those searches won't return any results, because no index is included in the search. Is there a way I can reconfigure this, instead of a plain asterisk?

Best Regards.


ITWhisperer
SplunkTrust

The same happens with 9.4.1 - perhaps it is a feature? But, tbh, it sounds like a bug. Raise a ticket and see what support say?


testuser013
New Member

Hi,

We use version 9.2.4.

The behaviour is independent of the search complexity. It also doesn't change if I search internal logs or through several indexes. The index(es) will always be replaced by an *.

The behaviour is also the same within the list view, so it's not only table view related.

BR


livehybrid
SplunkTrust

Hi

Which version of Splunk are you running? For me, when I click on "New Search" in either table view or list view, I get the same behaviour, which in my example did index=_internal (which I had searched) and added the field I clicked.

Does it differ if you have a more complex query? 
