Solved: "What to search" is not showing.

P_Viz · ‎11-24-2020

Hey, I am working towards Slunk Fundamentals 1 and doing the eLearning assignments. Currently on Module5. I have imported the labs materials and such, and I am supposed to look for area called "What to search" in Searching and Reporting.

If I search anything then I can access the data, but I don't see the suggestions that "What to search" would provide me. Any idea how to turn it back on or how to activate it?

How my interface looks right now:

thambisetty · ‎11-24-2020

@P_Viz
I believe in latest version of Splunk the view has been changed. you can find what to search under How to search panel using Data Summary button.

————————————
If this helps, give a like below.

View solution in original post

zeespooky · ‎09-26-2021

@jaker07 , were you able to find it? I ran into the same issue while also working through Fundamentals 1.

I logged out of the regular user and back into the admin user. Found the Data Summary button there. Then logged out and back into the regular user to see if I had missed something, and it was there.

Either there's some processing that needs to happen before that button is active, or there's some issue refreshing the UI after ingesting data, or I just missed something.

thambisetty · ‎11-24-2020

@P_Viz
I believe in latest version of Splunk the view has been changed. you can find what to search under How to search panel using Data Summary button.

————————————
If this helps, give a like below.

jaker07 · ‎09-01-2021

It looks like there's been another update. I don't have a "Data Summary" button anymore, either:

Now what are we supposed to use?

"What to search" is not showing.

lookup

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms