LukeMurphey / splunk-website-monitoring

A website for monitoring web applications
MIT License

use eventtype instead of sourcetype without explicit index #14

Closed sylbae closed 6 years ago

sylbae commented 7 years ago

Hello,

Your app is great but it makes the wrong assumption that the index containing webmon events will be searched by default. In my environment, for performance reasons, I enforce explicit usage of index=XXX in any search. So each time you make a new release I have to edit your app to add the missing index= to each dashboard and saved search (and I even found one in JS code :)). To make my life easier, would it be possible to create an eventtype equal to sourcetype="web_ping" and use it everywhere instead? This way I could easily make a single change to deal with my environment. Thanks.

LukeMurphey commented 7 years ago

Oh yeah, I can definitely do that. I'll plan for it in the next release.

sylbae commented 7 years ago

Thanks a lot

mgholls commented 6 years ago

Wouldn't it be better to use a search macro? I've found the pattern used in the Splunk App for AWS to work quite well with custom indexes, where they have a macro for the index and then a macro for the sourcetype that references the index macro.

| Macro Name | Definition |
| --- | --- |
| web-ping-index | index="main" |
| web-ping-sourcetype | `web-ping-index` sourcetype="web_ping" |

Then replace any sourcetype="web_ping" with the web-ping-sourcetype macro in all places.

As a user then I just override the web-ping-index macro definition with my custom index name and everything works.
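The two-macro pattern above, with the local override and a lint for searches that still bypass it, as an added example that is not code from this project. The macros.conf contents, the `webmon` index name and the function names are assumptions; only the macro names come from the comment.

```python
import configparser
import re

# Constructed sample of default/macros.conf following the two-macro pattern
# described above (hypothetical contents, not the project's own file).
DEFAULT_MACROS = """
[web-ping-index]
definition = index="main"

[web-ping-sourcetype]
definition = `web-ping-index` sourcetype="web_ping"
"""

# Constructed local/macros.conf: the single override a user keeps to point
# the app at a custom index; it survives upgrades, unlike edited dashboards.
LOCAL_MACROS = """
[web-ping-index]
definition = index="webmon"
"""

MACRO_RE = re.compile(r"`([\w-]+)`")


def load_macros(*conf_texts):
    """Merge macro stanzas in order; later texts (local) override earlier (default)."""
    macros = {}
    for text in conf_texts:
        cp = configparser.ConfigParser(interpolation=None)
        cp.read_string(text)
        for stanza in cp.sections():
            macros[stanza] = cp[stanza]["definition"]
    return macros


def expand(search, macros):
    """Expand `macro` references until none remain, as Splunk does at search time.
    Unknown macro names are left untouched so the loop always terminates."""
    previous = None
    while previous != search:
        previous = search
        search = MACRO_RE.sub(lambda m: macros.get(m.group(1), m.group(0)), search)
    return search


def lacks_index_scope(search):
    """True when a search names sourcetype="web_ping" directly without the macro
    or an explicit index=, i.e. it silently depends on the default search index."""
    direct = 'sourcetype="web_ping"' in search
    scoped = "`web-ping-sourcetype`" in search or re.search(r"\bindex\s*=", search)
    return direct and not scoped
```

Running `lacks_index_scope` over every search string pulled from savedsearches.conf, dashboard XML and JS is the release-time check that catches the stray index-less searches described in the first comment.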

LukeMurphey commented 6 years ago

My plan was actually to use a macro. BTW: I have this almost complete, should be done very soon.

sylbae commented 6 years ago

That is great news. Personally I am fine with a macro (instead of an event type), as long as it lets me make a single local modification to specify the custom index.

Thanks for your work.

LukeMurphey commented 6 years ago

This is now supported in version 2.6. I put a link to the macro at the bottom of the setup page. The macro is used in both the dashboards and the saved searches.

mgholls commented 6 years ago

I see you have made a number of commits since you released 2.6 to Splunkbase. Do we need to wait for a new release?

LukeMurphey commented 6 years ago

@mgholls: version 2.6 is the latest. I don't see any commits on this project after I released it (although I did on another project).