Recommended naming convention for saved reports, s...

raoul · ‎04-01-2011

Is there an established naming convention for saved reports, searches, events and suchlike in Splunk?

If not, does anyone have any suggestions based on successful usage?

jamessevenerlmc · ‎02-21-2019

Since this was one of the first answers on a Google Search, I figured I'd add this: https://docs.splunk.com/Documentation/CoE/current/Handbook/Naming

thall79 · ‎04-01-2011

Not sure if there is a Splunk standard, but it does make it nice to come up with a standard naming convention to organize your searches.

For example I begin some of my search names with audit (ex: audit_fails, audit_successful). Then under my app I go into manager - user interface - navigation menus - default and added the following under

So any time I create a search with the word audit it automaticly gets placed in the searches menu . I have another for my Database searches that I start with db_ (ex db_group1, db_group2) so it can get organized in a menu just for them so I am not scrolling through my other search to find them.

Some good reading would be: http://www.splunk.com/base/Documentation/4.2/Developer/Step6BuildNavigation

This one talks about the helpfulness of naming conventions: http://www.splunk.com/base/Documentation/4.2/Knowledge/Developnamingconventionsforknowledgeobjecttit...

Hope this helps

Travis.

Recommended naming convention for saved reports, searches, events, etc?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life