Splunk Search

Custom Search Lite app

Path Finder

I have an odd requirement where I want to limit the index, source or sourcetype for my end users.

I have had a quick go at building my own "Search" app using: http://docs.splunk.com/Documentation/Splunk/6.1.1/AdvancedDev/AdvancedSearch
and advancedxml.

Ideally, I would like it to be SimpleXML, but can live with advancedxml.

The functionality needs to allow me to prepend all searches with some static hidden search (ie index=main | )

Pretty sure I have seen this before and would like to avoid the use of an external framework.


0 Karma


I dont belive it is possible with simple XML.
In splunk 6 using flashtimeline view under;


You can add;

 <module name="HiddenIntention">
   <param name="intention">
     <param name="name">addterm</param>
     <param name="arg">
       <param name="index">MyHiddenIndex</param>

However you are better of trying to use the new webframework and ( i assume, havent really done it yet) creating your own django-template with search terms, like in advanced xml / flashtimeline )

Hope it helps! 🙂

0 Karma


Is this filtering to be done on a per-user or per-role level? If so you can just create search filters that are automatically applied for each user or role that you specify. This can be set in the access controls section for each user or role in the manager.

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!