SHA256 checksum (search-catalog_112.tgz) 9ffb7fc65568030e3e351f43f68acc3defb239cb050164b55fa72379ae9c0d9f
SHA256 checksum (search-catalog_111.tgz) 2a83129e9e71c82b71b01266f46838157b42d4b8a78fc52d1bd281905e7823b1
SHA256 checksum (search-catalog_110.tgz) b1d01a6c0681d62b7093d3d2e7719da2f4d4ca463eab04ccd93b6048bfbc71a4
SHA256 checksum (search-catalog_104.tgz) c9e615c5cdcd2403d1c3cc1e7671d2280fd93f449193ad1529c8773d464f8635
SHA256 checksum (search-catalog_103.tgz) 131b21bf2e0d9d24dd7717b596ac9784c2d6639600bfe6051291140b0b2eadf1

Search Catalog

Splunk AppInspect Passed
Have you ever wanted a centralized location to direct users to so they can find what they need? Example: In what special index do we store our firewall data? This app provides a simple interface to centrally locate information on where data is stored in a given Splunk instance.

The intent of this app is to provide a simple interface for sharing knowledge in Splunk. From a simple CSV file that is edited by hand or through the app, the app can generate a set of standard dashboards and navigation.

Description and Use-cases

Have you ever wanted a centralized location to direct users to so they can find what they need? Example: In what special index do we store our firewall data? This app provides a simple interface for both administrators (to catalog data locations) and users (to find the data they need).

Depending on how Splunk is managed, finding data can be challenging for a new (or even experienced) user. The primary use-case of this app is for a Splunk administrator to easily catalog (using a CSV file) where specific types of data that an end user may be interested in are found on the given system, and to give the end user an interface to quickly find this data (using Splunk’s built-in menu system). Even though the CIM exists, not all data is CIM compatible, nor is a user necessarily familiar with CIM. This can be especially helpful as new data types that do not comply with CIM become available in Splunk.

How to use


The app comes with an example CSV lookup file with sections, subsections and searches that should be universal. Using the built-in dashboard to add searches, an administrator can fill the catalog with the necessary content for the users. The CSV can also be edited directly, and the app contains links to open the file in the Lookup File Editor app (https://splunkbase.splunk.com/app/1724/, requires 2.x), which is especially useful if searches need to be deleted. While it is not required, it is recommended to fill out the Notes section of each search, so that the generated dashboard gives some helpful context and a user can find the search based on keywords in the notes (using the search dashboard called “Not Sure Where to Look?”). The administrator should either copy the example CSV found in the samples directory to the lookups directory or use the add searches dashboard to create the file.

Once the lookup/CSV file has been populated with searches, the app has a custom command (“Generate Dashboards”) to generate menus and dashboards based on the searches given. Each search is given its own dashboard with notes, events, and some basic info and statistics of its primary fields. The dashboard also has a time range picker and links to open the search in the normal search window (in the regular Search app, not the Search Catalog).

Each generated dashboard includes a panel titled “Most Populated Fields”. If an admin wants to filter specific fields out of this panel (for example date_*), the most_populated_filter.csv file must be created and filled. As with search_catalog.csv, the app contains an example most_populated_filter.csv, and again the administrator should either copy the example CSV found in the samples directory to the lookups directory or use the add searches dashboard to create the file.

End User

From the Welcome screen a user is introduced to the number of searches that exist in the search catalog, along with an idea of how those searches are distributed. The user is given instructions to browse through the Search Catalog’s menus, search, or see the latest searches that have been added.

Release Notes

Version 1.1.2
Feb. 1, 2018

Minor update for Splunk Certification requirement and code formatting updates. Fix searching to not return folders.

Version 1.1.1
Jan. 31, 2018

Fixed Most Populated Fields panel to not max out on quantity of distinct values. Fixed naming scheme for dashboard to separate correctly. Fixed "Not Sure Where to Look?" and "Most Recent Added Searches" dashboards as they were not creating correct links to dashboards anymore.

Version 1.1.0
Jan. 24, 2018

Minor fix to welcome screen. Added most_populated_filter to act as a place to drop in fields to not include in the Most Populated Fields panel. Fixed opening result count. Update to dashboard filenames to allow generated dashboards to have the same basename and punctuation.

Version 1.0.4
Jan. 16, 2018

Fixed base search generating to fill "Most Populated Fields" panel correctly.

Version 1.0.3
Jan. 13, 2018

Fixed link to Lookup File Editor app latest version (2.7.1)
