Documentation > Splunk > Admin Manual > Looking up events on SplunkBase

Admin Manual

 


How Splunk Works
Getting Started
Configuring a Splunk Deployment
Data Inputs
Hosts
Source Types
Timestamp Recognition
Events
Event Types
Meta Events
Fields
Segmentation
Saved Searches and Alerts
Authentication
Data Distribution
Granular Access Control
Distributed Search
Deployment Server
Index Management
Bundles
SplunkBase
Performance Tuning
Routine Maintenance
How-To
Troubleshooting
Reference

Looking up events on SplunkBase

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Looking up events on SplunkBase

By default SplunkBase lookups are enabled in Splunk version 3.0.2 and higher. If you have an older version and want to enable SplunkBase lookups, follow these instructions.


Configuration

You can enable SplunkBase look ups through field actions, by editing field_actions.conf.


Add the following code to $SPLUNK_HOME/etc/bundles/local/field_actions.conf: 


[SplunkBaseLookup]
metaKeys=_raw, host
uri=http://www.splunkbase.com/
label=Search Splunk Base
target=splunkbase
method=POST
payload= event={$_raw}&myhost={$host}

Once you add this code, you will be able to right-click on the timestamp of events and get a menu that lets you look up events on SplunkBase.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.0.1/Admin/LookingUpEventsOnSplunkBase"

This documentation applies to the following versions of Splunk: 3.0.1 , 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!