Splunk Search

Organizing "Searches and Reports" and "Views"

davidc
Engager

What's the best way to organize "Searches and Reports" and "Views"? I'm trying to figure out some type of structure before it's to late. Currently we have 20 - 30 of each and it's a pain selecting "Searches and Reports" and seeing ALL searches ditto for "Views".

I would like to create a service subfolder and add searches and reports that are associated to that service.

Is this possible? I'm running Splunk 4.1.6

Tags (1)

Paolo_Prigione
Builder

Yes it does. You can just nest the <collection> tags one into each other.

<collection label="Status">
    <collection label="Search activity">
      <view name="search_status" />
      <view name="search_detail_activity" />
      <view name="search_user_activity" />
      <view name="search_ui_activity" />
    </collection>
    <collection label="Index activity">
      <view name="index_status" />
....

stefanlasiewski
Contributor
0 Karma

davidc
Engager

NM. I figured it out.

Does Splunk 4.1.6 support multi-level nav menu?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...