Custom Search Lite app

nickstone · ‎06-13-2014

I have an odd requirement where I want to limit the index, source or sourcetype for my end users.

I have had a quick go at building my own "Search" app using: http://docs.splunk.com/Documentation/Splunk/6.1.1/AdvancedDev/AdvancedSearch
and advancedxml.

Ideally, I would like it to be SimpleXML, but can live with advancedxml.

The functionality needs to allow me to prepend all searches with some static hidden search (ie index=main | )

Pretty sure I have seen this before and would like to avoid the use of an external framework.

thanks!

lmyrefelt · ‎06-17-2014

I dont belive it is possible with simple XML.
In splunk 6 using flashtimeline view under;

You can add;

 <module name="HiddenIntention">
   <param name="intention">
     <param name="name">addterm</param>
     <param name="arg">
       <param name="index">MyHiddenIndex</param>
     </param>
    </param>

However you are better of trying to use the new webframework and ( i assume, havent really done it yet) creating your own django-template with search terms, like in advanced xml / flashtimeline )

Hope it helps! 🙂

Ayn · ‎06-13-2014

Is this filtering to be done on a per-user or per-role level? If so you can just create search filters that are automatically applied for each user or role that you specify. This can be set in the access controls section for each user or role in the manager.

Custom Search Lite app

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability