Advance xml dashboard dispatches search *

pradeepkumarg
Influencer

We have been observing several searches running with the search string as "search *" and narrowed it down to be coming from an advanced XML dashboard.

I've tried removing part by part of the dashboard and still see this remaining part of the dashboard dispatching a "search *" for the selected time range. Looks like something is misconfigured here and I cannot find what. Appreciate any insight anyone has on this.

<view autoCancelInterval="90" isPersistable="true" isSticky="true" isVisible="true" objectMode="viewconf" onunloadCancelJobs="true" refresh="-1" template="dashboard.html">
  <module name="AccountBar" layoutPanel="appHeader"/>
  <module name="AppBar" layoutPanel="navigationHeader"/>
  <module name="SideviewUtils" layoutPanel="appHeader"/>
  <module name="URLLoader" layoutPanel="viewHeader" autoRun="False">
    <module name="TimeRangePicker" autoRun="False">
      <param name="selected">last 4 hours</param>
      <module name="Button">
        <param name="allowAutoSubmit">False</param>
        <param name="allowSoftSubmit">False</param>
        <param name="label">Submit</param>
        <module name="SearchControls" layoutPanel="mainSearchControls">
          <param name="sections">jobControls export info</param>
        </module>
      </module>
    </module>
  </module>
</view>
sideview
SplunkTrust

In the navigation bar, go to "Key Techniques > Overview of the Advanced XML". And if you don't have such a page it most likely means you're using the extremely old LGPL version of the app and you should upgrade right away. (The current version of the app is completely free for internal use and if you have any questions just let me know)

That page is quite long, but once you read it you'll understand why this page is dispatching a search * search. In short, the SearchControls module requires there to be search results. After all, note that it has jobControls and an export button. The Sideview UI framework is simply noticing this, and determining that since you haven't specified anywhere what search should run, that you want it to run search *.

Note: Arguably in this kind of case it should display a big red error message instead of quietly kicking off a search * search, and since there is a giant reboot of Sideview Utils coming this year, this improvement may well happen.
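
The condition described in the answer can be checked statically before a view is deployed. The following Python is an added example, not part of the original thread and not Sideview Utils code: it walks an advanced XML view and reports every module that needs search results but has no search specified upstream. The function name, the `DEFINES_SEARCH` module list and the second sample view are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Modules that need a search job. SearchControls is the one named in the thread.
NEEDS_RESULTS = {"SearchControls"}
# Assumption: modules treated here as "specifying what search should run".
DEFINES_SEARCH = {"Search", "HiddenSearch", "HiddenSavedSearch", "SearchBar"}

# The module tree from the question (attributes trimmed).
QUESTION_VIEW = """<view template="dashboard.html">
  <module name="URLLoader" layoutPanel="viewHeader" autoRun="False">
    <module name="TimeRangePicker" autoRun="False">
      <module name="Button">
        <module name="SearchControls" layoutPanel="mainSearchControls">
          <param name="sections">jobControls export info</param>
        </module>
      </module>
    </module>
  </module>
</view>"""

# Constructed variant: a Search module (hypothetical query) sits upstream.
FIXED_VIEW = """<view template="dashboard.html">
  <module name="TimeRangePicker">
    <module name="Search">
      <param name="search">index=_internal | head 100</param>
      <module name="SearchControls"/>
    </module>
  </module>
</view>"""

def find_implicit_dispatch(view_xml):
    """Return paths of result-consuming modules with no search defined upstream."""
    root = ET.fromstring(view_xml)
    findings = []
    def walk(node, path, has_search):
        for child in node.findall("module"):      # direct children only
            name = child.get("name", "")
            child_path = path + [name]
            defined = has_search or name in DEFINES_SEARCH
            if name in NEEDS_RESULTS and not defined:
                findings.append(" > ".join(child_path))
            walk(child, child_path, defined)      # state is inherited downstream

    walk(root, [], False)
    return findings

if __name__ == "__main__":
    for path in find_implicit_dispatch(QUESTION_VIEW):
        print("no search defined upstream of:", path)
```
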

pradeepkumarg
Influencer

Thanks Nick..
