Your nf file lists concurrency limits for different types of searches. If you have multiple saved searches in your dashboard, your dashboard only runs as many searches as your concurrency limit. See the Simple XML Reference for more details on the the element, its child elements, and usage requirements. You can also use a to generate form input choices or define post-process searches. You can use a element to define searches generating dashboard or form content. Search elements include child elements, such as for the search string and elements for the time range. The element defines a search in Simple XML source code. For more information, see Design pivot tables with the Pivot Editor in the Pivot Manual. You can generate pivots for export to dashboards. To change a prebuilt panel search, edit the prebuilt panel directly.Ĭhanges to a prebuilt panel appear automatically in dashboards where the panel is used. For more details, see the best practices for post-process searches.Ĭreate a prebuilt panel if you want to reuse a search and other content. You can also populate form inputs with a post-process search. You can use multiple post-process searches to generate different results from the same base search. Post-process searches perform additional processing on results from a base search. Indicate a results field to use for the choice labels and values that users see in the form. You can use a search to generate form input choices dynamically.
Splunk saved search update#
When you change a report search, referenced report searches in dashboards update automatically. However, you cannot edit the search directly in the dashboard. You can edit the dashboard to adjust the visualization and time range from a referenced report. Use a reference to the report to add its search and visualization to a dashboard or form. Use a search saved as a report to generate dashboard content. To ensure that all fields are extracted you can do one of the following: Inline searches run in "fast mode" which means that not all fields may be extracted. Base searches require post-process searches to modify results and generate visualizations in dashboard panels. You can also use an inline search as a base search in a dashboard. You can create or modify inline searches when you edit dashboard panels.Įach visualization can have its own inline search. Inline searches exist directly in a dashboard or visualization. You can use one or more search types in a dashboard depending on the content or behavior that you are creating.
Splunk saved search how to#
Learn about the available search types and how to work with them in Simple XML. You can also use searches to implement dynamic or interactive behavior in a dashboard. Searches generate visualizations and other content in dashboards and forms.
0 kommentar(er)
