Organizing "Searches and Reports" and "Views"

davidc · ‎01-14-2011

What's the best way to organize "Searches and Reports" and "Views"? I'm trying to figure out some type of structure before it's to late. Currently we have 20 - 30 of each and it's a pain selecting "Searches and Reports" and seeing ALL searches ditto for "Views".

I would like to create a service subfolder and add searches and reports that are associated to that service.

Is this possible? I'm running Splunk 4.1.6

Paolo_Prigione · ‎01-16-2011

Yes it does. You can just nest the <collection> tags one into each other.

<collection label="Status">
    <collection label="Search activity">
      <view name="search_status" />
      <view name="search_detail_activity" />
      <view name="search_user_activity" />
      <view name="search_ui_activity" />
    </collection>
    <collection label="Index activity">
      <view name="index_status" />
....

stefanlasiewski · ‎02-25-2013

Also see http://splunk-base.splunk.com/answers/10664/organizing-searches-and-reports-and-views/10696

davidc · ‎01-14-2011

NM. I figured it out.

Does Splunk 4.1.6 support multi-level nav menu?

Organizing "Searches and Reports" and "Views"

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...