Showing events in a raw web browser window ? liter...

guilmxm · ‎11-05-2015

Hi,

I have a strong request from my client that wants to be to be able to view events resulting from a SPL search in a very very basic We browser window.

Literally, what they want is the same kind of visualization you would get with any web server accessing an ASCII log file... None of built in visualizations for events (event, table) really answers to what they want.

Within Splunk, this is like showing the raw file with the "show_source" interface or the job inspector and the search.log hyperlink.

Does anyone knows a possibility to get this to work within a Splunk view ? I was thinking in creating a search manager within an html module, but after i don't know how to send the flow to a basic html window...

Thank you in advance 🙂

elliotproebstel · ‎10-18-2017

Here's the closest solution I know:

Make a dashboard that contains exactly one panel - a statistics table. The search for that table should be: your search | table _raw

In the visualizations settings, you can expand the number of visible rows to 100. I believe that's the greatest number of rows you can display at once; the rest will paginate.

elliotproebstel · ‎11-17-2017

@guilmxm - Did this work for you?

Showing events in a raw web browser window ? literally have a very basic raw events vizualization

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases