Solved: Search view that only searches on specified index

mplacido · ‎10-24-2011

Hi,

I'm trying to create a Search view that only searches on the index I specify. But I don't seem to figure out how.
This should be very simple, but I can't find anything on how to do this. Is it possible?

mplacido · ‎10-25-2011

After som digging I actually figured it out myself.

I cloned the dasboard view, and added this lines to the xml after the Submit button module parameters.

and then just added the before the Submit module´s

And now every search I make in this view automatically adds index="myindexname" without others seeing it.

View solution in original post

mplacido · ‎10-25-2011

After som digging I actually figured it out myself.

I cloned the dasboard view, and added this lines to the xml after the Submit button module parameters.

and then just added the before the Submit module´s

And now every search I make in this view automatically adds index="myindexname" without others seeing it.

gkanapathy · ‎10-24-2011

There isn't a totally easy way to do this, other than to construct your view to prepend index=myindex to every base search on the page. This isn't trivial in some cases. Unfortunately, defaulting or restricting automatically is only available to roles, not views. This is a reasonable enhancement request, I think.

jbsplunk · ‎10-24-2011

just start your search with 'index=my_index'

Search view that only searches on specified index

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...