Custom tabs for saved searches

akocak · ‎12-18-2017

Hi Splunkers,
thanks upfront for your time.
I have a requirement that I started to research recently. I wanted to share here as well to get more ideas:

I have a team in my clustered environment that wants to separate alerts within the same app. We can imagine requirement as having more than one alerts tab in default navigation menu. I have 2 questions:
1) how can we separate same object (alerts) into different tabs (I consider forcing them to have a special character in the naming possibly)?
2) how can we add this process to creating alerts ? like having some option to choose where new alert to be stored

Question might be newbie. I do appreciate patience.

MousumiChowdhur · ‎12-20-2017

Hi @akocak!

You can try adding alerts to the navigation menu. Yo can create different alert tab for different teams which may or may not have same alerts and give the permissions accordingly.

Find the below link for more details:
http://dev.splunk.com/view/webframework-developapps/SP-CAAAEP9

I hope this can help you to solve your first point.

Regarding the second point, you will have to manually add the alert to the respective navigation menu or you can try to save the alerts in different apps. While saving the alerts you can select the specific app you want to save the alert to and give the user permission of that app specifically.

Thank You!

akocak · ‎07-19-2018

Hey, I will soon work on this task and grade your answer 🙂

MousumiChowdhur · ‎07-25-2018

@akocak, Sure!

Custom tabs for saved searches

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases