Brought back normal search and added saved searches in a dropdown
Marc-Antoine Hinse committed Nov 26, 2024 (1 parent cad1e39, commit 3f0252c)
Showing 2 changed files with 9 additions and 1 deletion.
packages/flare/src/main/resources/splunk/default/data/ui/nav/default.xml (6 changes: 5 additions & 1 deletion)
@@ -1,7 +1,11 @@ | ||
<nav search_view="search" color="#272735"> | ||
<saved name="Flare Search" default='true' /> | ||
<view name="search" default="true" /> | ||
<view name="configuration" /> | ||
<view name="status" /> | ||
<a href="https://docs.flare.io/splunk-app-integration" target="_blank">Documentation</a> | ||
<a href="https://app.flare.io/" target="_blank">Flare Platform</a> | ||
<collection label="Saved Searches"> | ||
<saved name="Flare Search" /> | ||
<saved name="Severity" /> | ||
</collection> | ||
</nav> |
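Review bot: the two `<saved>` entries in the new collection are resolved by stanza name against savedsearches.conf, so `<saved name="Severity" />` only renders if a `[Severity]` stanza ships in the same app build; it is added in the second file of this commit, so the two files must land together, and the names are case- and whitespace-sensitive, so keep them in lockstep. Dropping `default='true'` from the "Flare Search" saved entry in favour of `<view name="search" default="true" />` makes the plain search view the landing page, which matches the commit message, but users who relied on the old landing page will now need to find "Flare Search" under the "Saved Searches" dropdown; worth a line in the linked documentation.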
packages/flare/src/main/resources/splunk/default/savedsearches.conf (4 changes: 4 additions & 0 deletions)
@@ -1,3 +1,7 @@ | ||
[Flare Search] | ||
description = Shows all of the ingested events | ||
search = source="flare" | ||
|
||
[Severity] | ||
description = Counts the events by severity | ||
search = source=flare index=main | spath path=header.risk.score output=risk_score_str | eval risk_score = coalesce(tonumber(risk_score_str), 0) | eval risk_label = case(risk_score == 1, "Info", risk_score == 2, "Low", risk_score == 3, "Medium", risk_score == 4, "High", risk_score == 5, "Critical") | stats count by risk_label, risk_score | sort risk_score | fields - risk_score |
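Review bot: the `case()` in the [Severity] search has no default branch, so any event whose `header.risk.score` is missing or non-numeric (which `coalesce(tonumber(...), 0)` maps to 0) or outside 1-5 gets a null `risk_label`, and `stats count by risk_label, risk_score` silently drops those rows, so the table will not reconcile with the event count from [Flare Search]; add a catch-all pair such as `true(), "Unknown"` as the last argument to `case()`. Separately, [Severity] scopes to `source=flare index=main` while [Flare Search] uses `source="flare"` with no index constraint, so if the app's events are routed to any index other than main the two searches disagree (Severity returns nothing); pick one scoping for both stanzas, preferably without hard-coding `index=main`.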