New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use eventtype instead of sourcetype without explicit index #14
Comments
Oh yeah, I can definitely do that. I'll plan for it in the next release. |
Thanks a lot |
Wouldn't it be better to use a search macro? I've found the pattern used in the Splunk App for AWS to work quite well with custom indexes, where they have a macro for the index and then a macro for the sourcetype that references the index macro. Macro Name Definition Then replace any sourcetype="web_ping" with the As a user then I just override the web-ping-index macro definition with my custom index name and everything works. |
My plan was actually to use a macro. BTW: I have this almost complete, should be done very soon. |
That is a great news. Thanks for your work. |
This is now supported in version 2.6. I put a link to the macro at the bottom of the setup page. The macro is used in both the dashboards as well as the saved searches. |
I see you have made a number of commits since your released 2.6 to Splunk base. Do we need to wait for a new release? |
@mgholls: version 2.6 is the latest. I see any commits on this project after I released it (although I did on another project). |
Hello,
Your app is great but it makes the wrong assumption that the index containing webmon events will be searched by default. In my environment, for performance reasons, I enforce explicit usage of index=XXX in any search.
So each time you make a new release I have to edit your app to add missing index= to each dashboard, saved search (and I even found one in JS code :)
To make my life easier, would it be possible to create an eventtype equals to sourcetype="web_ping" and use everywhere instead.
This way I could easily make a single change to deal with my environment.
Thanks.
The text was updated successfully, but these errors were encountered: