Splunk - Reports




Splunk reports are saved from a search action and can show statistics and visualizations of events. A report can be run at any time, and it fetches fresh results each time it is run. Reports can be shared with other users and can be added to dashboards. More sophisticated reports can offer a drill-down function to see the underlying events that produce the final statistics.

In this chapter we will see the creation and editing of a sample report.

Report Creation

Report creation is a straightforward process: we use the Save As option to save the result of a search operation, choosing the Reports option. The diagram below shows the Save As option.

 reports_1.jpg

Clicking the Reports option in the dropdown opens the next window, which asks for additional inputs such as the name of the report, its description, and whether to include the time picker. If we choose the time picker, the time range can be adjusted when we run the report. The diagram below shows how we fill in the required details and then click Save.

 reports_2.jpg

Report Configuration

After clicking Save to create the report in the above step, we get the next screen, which asks us to configure the report as shown below. Here we can configure the permissions, the schedule of the report, and so on. We also get an option to go to the next step and add the report to a dashboard.

 reports_3.jpg

Let’s click View in the above step to see the report. The configuration options are also available now that the report is created.

 reports_4.jpg

Modifying Report Search Option

While we can edit the permissions, schedule, etc., sometimes we need to modify the original search string. This can be done by choosing the Open in Search option shown in the previous diagram. That opens the original search again, which we can edit into a new search.

 reports_5.jpg
