Adding a navigation menu


How can I add a navigation menu to the search options in Splunk Web 6?
I.e., when I click Search on the home page I can see Pivot, Reports, Alerts, etc.
I want to add one like that.

0 Karma


It's even easier than running a lot of cryptic commands:

Go to "Settings - User Interface - Navigation menus", choose your app, and you will find under "Nav Name" an option called default. This is your app menu.

Here you can add a

It is rather well documented in the docs and in various books.


Reload your app after

0 Karma


This is actually quite easy; Splunk has pretty good documentation about how to build navigation for an app:

I'm not sure what platform you're on, but on my Mac I ran the following commands:

#change to the base directory of the search app
# on Linux this would more likely be cd /opt/splunk/etc/apps/search
cd /Applications/Splunk/etc/apps/search

#make a local directory for the nav menu
mkdir -p local/data/ui/nav

#copy the default nav menu to the local directory
cp default/data/ui/nav/default.xml local/data/ui/nav/

#edit the local nav file to add the menu entry
vi local/data/ui/nav/default.xml

I then added <view name="foo" /> to the file so it looked like:

 <nav search_view="search" color="#65A637">
  <view name="search" default='true' />
  <view name="data_models" />
  <view name="reports" />
  <view name="alerts" />
  <view name="dashboards" />
  <view name="foo" />
 </nav>

To actually see the change, you need to actually create a view called foo (e.g. mkdir -p local/data/ui/views/ && vi local/data/ui/views/foo.xml).

The other thing to watch for is I originally chose the show source view, not really caring if it made sense as I just wanted to ensure the menu item showed up. Since show source doesn't make sense as a direct link, they set isVisible="false" so the link wouldn't show up.

Finally, you may need to do a debug refresh to see the changes (e.g. add debug/refresh to the URI root for your Splunk install).


I totally agree with you and it is the way I prefer to work as well; however, newer people / people not used to Unix will get very, very confused and scared 😛

0 Karma


lmyrefelt made a good point that you can do this through the web interface; for us, using the web interface causes all sorts of issues (we're fairly large and diverse; about 5,000,000 events a day / 2TB per day license) so I tend to think this way and as a unix person I prefer editing files that I can put in version control. Either way, I think it makes good documentation as this way will always work so if anyone finds the commands cryptic or needs more guidance please let me know and I'd be happy to try and help out.

0 Karma
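The file-based answer above names two reasons a new menu entry may not appear: the view it points to does not exist, or the view sets isVisible="false". The following check is an added example, not part of the original thread or Splunk's own tooling: it reads an app's nav file and reports each named view as ok, missing or hidden. It assumes the local/ copy of a file overrides the default/ copy and only looks inside the one app directory; the helper names and the sample app layout (including the view names show_source and bar) are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

def effective_file(app_dir, *rel):
    """Return the local/ copy of a file if present, else the default/ copy, else None."""
    for layer in ("local", "default"):
        path = os.path.join(app_dir, layer, *rel)
        if os.path.isfile(path):
            return path
    return None

def check_nav(app_dir):
    """Return {view_name: status} for every named <view> in the app's nav file."""
    nav = effective_file(app_dir, "data", "ui", "nav", "default.xml")
    if nav is None:
        raise FileNotFoundError("no data/ui/nav/default.xml under local/ or default/")
    results = {}
    # iter() also finds <view> entries nested inside <collection> elements
    for entry in ET.parse(nav).getroot().iter("view"):
        name = entry.get("name")
        if not name:  # entries without a name attribute cannot be resolved to a file
            continue
        view = effective_file(app_dir, "data", "ui", "views", name + ".xml")
        if view is None:
            results[name] = "missing"  # not in this app (assumption: other apps not checked)
        elif ET.parse(view).getroot().get("isVisible", "true").lower() == "false":
            results[name] = "hidden"   # isVisible="false" keeps the link out of the menu
        else:
            results[name] = "ok"
    return results

def build_sample_app(root):
    """Write a constructed sample app layout under root (demonstration data only)."""
    files = {
        "local/data/ui/nav/default.xml":
            '<nav search_view="search"><view name="search" default="true"/>'
            '<view name="foo"/><view name="show_source"/><view name="bar"/></nav>',
        "default/data/ui/views/search.xml": "<view/>",
        "local/data/ui/views/foo.xml": "<dashboard><label>Foo</label></dashboard>",
        "default/data/ui/views/show_source.xml": '<view isVisible="false"/>',
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root
```

Call check_nav with the path to a real app directory (for example the search app directory used in the commands above) to run the same check before doing the debug refresh.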