Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

New app - old 4.3/5.0 style search view

mikaelbje
Motivator
‎03-04-2015 06:33 AM

I just created a new app on a Splunk search head that was initially configured with version 4.3 but has been upgraded to 6.2. When I open the new app I see the old and "ugly" style search view, not the one that was redesigned for 6.0+. This image displays the old style search view I want to get rid of:

alt text

This is the search view I want to see in all my custom apps:

alt text

How do I get all new apps to use the new search view instead of copying over the search.xml from the search app? The URL is the root of the app, i.e. app/OKMAN-EGE, not flashtimeline, so that's not the issue.

Tags (2)
Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mikaelbje
Motivator
‎03-06-2015 03:15 AM

Ok guys, I found the culprit!

I have Splunk for DNS (sec_one_dns) installed, and for some reason it exports its search view globally:

alt text

I changed the Permissions to App, created a new app and went into its root directory and voila! The 6+ search view is back.

A good idea would probably be to remove the search.xml from all apps that were developed for Splunk 4.3/5.0.

View solution in original post

Preview file
1 KB
Reply
Solved! Jump to solution
Solution

mikaelbje
Motivator
‎03-06-2015 03:15 AM

Ok guys, I found the culprit!

I have Splunk for DNS (sec_one_dns) installed, and for some reason it exports its search view globally:

alt text

I changed the Permissions to App, created a new app and went into its root directory and voila! The 6+ search view is back.

A good idea would probably be to remove the search.xml from all apps that were developed for Splunk 4.3/5.0.

Preview file
1 KB
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎03-04-2015 04:11 PM

This is a bit of a guess, but in the app, back when you created it, did you call this view "search", ie search.xml? If so, this would have been fine back in 4.3/5.0 when there was no core view called "search" and the core search view was in fact called "flashtimeline". However such apps (including a couple of Sideview's) went through a bit of a hiccup when 6.0 came out, and their "search" view inadvertently stepped on and replaced the default search UI entirely.

If this guess is correct, you will want to rename this view somehow, and possibly worry about what underlying Splunk server your users are using. Also troublesome is that some pieces of how the page implement and respond to permalink arguments may be different for you, between the old and new so tread carefully there.

0 Karma
Reply
Solved! Jump to solution

mikaelbje
Motivator
‎03-04-2015 09:44 PM

Thanks. I haven't created a view at all. This is a brand new app with no views added yet.

My workaround however is to copy search.xml from etc/apps/search/default/data/ui/views to the new app I created. I just don't want to manually apply this fix whenever someone creates an app.

Looks like something is messed up in a template somewhere?

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎03-05-2015 10:17 AM

If the URL displayed when you're looking at the view, is just the root of the app, app/OKMAN-EGE, that's pretty weird. The root of the app always redirects to the default view of the app, frequently something called "home". Is that the case here? If you type in the url as "app/OKMAN-EGE", does it redirect to something like "app/OKMAN-EGE/home" ? If so then that view "home" or whatever will be an advanced XML view and that's why it's appearing with the old advanced XML look and feel.

0 Karma
Reply
Solved! Jump to solution

mikaelbje
Motivator
‎03-05-2015 10:24 AM

The root shows the search view (the old search view, that is). I believe the nav.xml file is what sets the default view through the default=true attribute.

I will try to replace the whole usr/share/ dir in my Splunk instance with one from a fresh install. It would be interesting to find out the actual cause of this though

0 Karma
Reply
Solved! Jump to solution

emiller42
Motivator
‎03-04-2015 02:22 PM

Well, to fix this instance, you can edit the navigation menu Settings > User Interface > Navigation Menus > default and make sure the entry for search is simply :

<view name="search"/>

That doesn't help with the generation however. Wonder if the templates don't update on an upgrade?

0 Karma
Reply
Solved! Jump to solution

mikaelbje
Motivator
‎03-04-2015 09:39 PM

Thanks, but the view name is already search. I checked this with the reference. There's also a search_view="xml" in the first tag. I haven't touched the nav file at all. I've compared all the files in the new app dir with the dir from another Splunk search head at a different customer site and there is no difference at all. The cause of this lies outside of the app dir

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...