I have the standard Splunk query web interface that allows the user to enter a single query at a time that looks like this:

[image]

Is there a tool that allows multiple queries in the same editor that can be selected one at a time and queried so that as I'm working I can write a series of queries and execute them one at a time by selecting a single query?

John

1 Answer

You can save your searches into Reports (or Alerts, or Dashboards)

And you can save searches into an external location (e.g. a text file), and copy-paste them when you want them again later

Or you could have complex searches that utilize multisearch, append, subsearches, etc

But otherwise, no - there is no way to create a "library" of searches, and then pick them from a list

warren
  • Thanks. Not the answer I was hoping for ;) Oh well. – John Apr 28 '20 at 15:03
  • @John - it might be an interesting add-on to write ... or feature request to submit :) – warren Apr 28 '20 at 19:21
  • I know, right :) There are a couple of Splunk JDBC drivers out there. Might be a fun school project. (https://splunkbase.splunk.com/app/4794/, http://unityjdbc.com/splunk/splunk_jdbc.php) – John Apr 29 '20 at 01:31