Feature #2074

Add ability to define an index to output the results to (and constrain searches to)

Added by Luke Murphey almost 5 years ago. Updated almost 5 years ago.


I have a possibly unique situation in that my “customers” are given different indexes because, like 2-year-olds in a sandbox, they don’t play well together. So, for instance, anything they contribute to Splunk goes into their own indexes, and instead of searching the main indexes for shared platforms (e.g. firewalls), that data is parsed out to summary indexes that only contain traffic with a src or dest of their subnet.

I would like to offer the network toolkit to the various departments but would need to limit their access to only their interactions with it. What would be ideal is having everything a user from deptA does when interacting with the toolkit go to index_deptA. I can see a couple of ways to do this: replicate the app with different names, default index, permissions. Or use forms on the various user apps which limit the searches to their subnets.

Associated revisions

Revision 202 (diff)
Added by lukemurphey almost 5 years ago

Adding index option for outputting search command data to an index

Reference #2074

Revision 203 (diff)
Added by lukemurphey almost 5 years ago

Making it possible to declare which index to search and store the data in

Reference #2074


#1 Updated by Luke Murphey almost 5 years ago

To do this I need to:

| Command | Command Updated | View Updated |
|---|---|---|
| nslookup | Yes | Yes |
| speedtest | Yes | Yes |
| whois | Yes | Yes |
| traceroute | Yes | Yes |
| ping | Yes | Yes |

#2 Updated by Luke Murphey almost 5 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
