Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to customized my own search page , which with more inputs fields in it?

leooooowang
Loves-to-Learn Lots
‎11-02-2023 08:50 PM

I have build such customized search page by Advance XML before. 

The example is like this :

advance_search_page.PNG

It will add more input fields on the search page, but still keep the UI features of search results.

Our users love this!!  and this is why we couldn't  upgrade our Splunk to the latest version ( which is not support the Advance XML )

Is there anyway that I could customized the search page by Simple XML Dashboard?

 

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-03-2023 05:06 AM

Hi @leooooowang,

you could use the searches you're using in the present Advanced XML page to recreate this page in Simple XML.

Start from the panels and then add one by one the inputs.

It isn't complicated only it's a long and annoying job.

Ciao.

Giuseppe

0 Karma
Reply

leooooowang
Loves-to-Learn Lots
‎11-05-2023 10:08 PM

Hi, @gcusello  :

  Yes, create those inputs fields by Simple XML is easy. But the hardest part is the UI  page of search result.

   Our users want to keep the "event timeline" , and "fields summary" on the result page.

   I can't find anyway to implement such UI function by Simple XML . 

   And the out-of-box  "search" page does not look like implemented by Simple XML,too...

 

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-05-2023 10:18 PM

Hi @leooooowang,

as I said, you have to create a new dashboard in Simple XML that have the same panels and inputs of the Advanced XML dashboard.

You have to create all the panels and inputs using the same searches of the old dashbord.

Event Timeline can ve displayed using a chart or the timeline wiz (https://splunkbase.splunk.com/app/3120), instead fields summary should be a list of fields that you can insert in a table.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...