How to get searches to run in Smart or Verbose mod...

franks59 · ‎02-17-2016

All my dashboards panels, written in Simple XML, default to Search Mode "Fast" when the "Open In Search" icon is selected. To see the event details, either "Smart" or "Verbose" mode needs to then be selected which is a major PITA.

Is there any way to get these searches to run in either Smart or Verbose mode upon selecting the "Open in Search" option from the dashboard panel?

Thanks,
Frank

nburgess1 · ‎10-27-2016

I had a problem of my workflow actions not being available in the dashboard because the fields were not showing up. I added | fields * to the end of my search and it forced the search to run in verbose mode making my workflow actions available again.

bnorthway_splun · ‎10-30-2019

this is really important when using post-process searches. Add | fields * to the base search. Thanks for the tip!

rewritex · ‎05-18-2016

Maybe try dropping this in your source/xml: <param name="searchModeLevel">verbose</param>

http://docs.splunk.com/Documentation/Splunk/6.1.3/AdvancedDev/ModuleReference

Jugabanhi · ‎06-24-2021

Hi @rewritex ,

Could you please give a snippet of the same. On click of search icon of panels in my dashboard, the queries are running to verbose mode only, want to change it to fast mode. I am using Base search in my dashboard.

Since export option is not available, trying out this scenerio, but I have a good amount of data, as such running in verbose mode is something trying to avoid.

@all, please suggest some.

How to get searches to run in Smart or Verbose mode when selecting "Open In Search" from a dashboard panel?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases