I would like to make either an app/add-on or a dashboard so that users who use Splunk only for a specific set of logs can search that data more easily.
I would like them to be able to select said app or dashboard and then enter in search data. Currently, the particular data is coming in from the same index as a lot of other data, and the users have to remember to search for a particular field, "process=a_process", in order for the rest of their data (IP address or username) to show relevant search data.
Which would be better for this case between an app or a dashboard? How can I configure it so that they do not need to enter in this field for them to search for related data? Eventually graphs and visualizations will be added to the page.
Thanks