Navigating Splunk Docs and Answers

A shortcut to your favorite Splunk Docs and Answers posts

Ryan Adler
Stage 2 Security
4 min read · Aug 7, 2020

Update: This post was updated on 2020/09/04 with new content. It’s at the bottom, under the UPDATES section.

For those who work with Splunk, or really any technical product, good documentation can be the difference between an awesome implementation and cobweb-covered shelf-ware. In Splunk’s case, the documentation is superb (as is the team that maintains it), but the search capability can be improved, especially if you already know which configuration you are after.

Meet Chrome’s customizable search engine feature (chrome://settings/searchEngines)

The “Other search engines” section gives you the ability to add a custom URL and a trigger keyword to search by. For example, if you wanted to be able to search Splunk’s documentation by specific configuration file, you’d set the following parameters.

Search Engine: Spec Files
Keyword: conf
URL: docs.splunk.com/Documentation/Splunk/latest/Admin/%sconf

Save and test. Open a new tab, type conf, and press space. You’ll see Chrome shift after your keyword entry; whatever you type next is placed where the %s sits within the URL.

Press Enter. In this case, I wanted to pull up the spec file for transforms. This eliminates the need to bookmark every conf file or to use Splunk’s internal navigation. Example use cases for this feature on Chrome:

UPDATES

2020/09/04 - Enabling Firefox to Search Docs like Chrome
2020/08/07 - Enhancing your Chrome Experience with HTML5 and Highlighting

Enabling Firefox for Keyword Searching

Like Chrome, Firefox allows you to create a custom method of searching through websites. Instead of a custom search engine, though, Firefox uses keywords on bookmarks. It doesn’t advertise the variable substitution, but it does work in a similar fashion.

Open Firefox and open your bookmarks manager. On a Mac, this is through Bookmarks → Show All Bookmarks.

Under ‘Other Bookmarks’, add a bookmark with the following information:
Name: Splunk Docs Spec Search
Location: https://docs.splunk.com/Documentation/Splunk/latest/Admin/%sconf
Keyword: spec

The %s still works as a substituted string. Now, when you are in a Firefox tab, type spec and the bookmark will appear. The input is space delimited: the next word you type replaces the %s.

Use this for any of your spec files and documentation references, and with answers.splunk.com as well.
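
The keyword expansion described for both Chrome (conf) and Firefox (spec) can be modelled in a few lines. This is an added example, not code from the original post: the function names, the percent-encoding step, the https:// prefix and the optional ".conf" suffix handling are assumptions made for illustration, not the browsers' own logic.

```python
from urllib.parse import quote

# Keyword -> URL template, as configured in the post (Chrome "conf", Firefox "spec").
ENGINES = {
    "conf": "docs.splunk.com/Documentation/Splunk/latest/Admin/%sconf",
    "spec": "https://docs.splunk.com/Documentation/Splunk/latest/Admin/%sconf",
}


def normalize_conf_name(term):
    """Turn 'transforms.conf' into 'transforms' (hypothetical helper).

    The template already appends 'conf', so a typed '.conf' suffix would
    otherwise produce '.../Admin/transforms.confconf'.
    """
    term = term.strip()
    if term.endswith(".conf"):
        term = term[: -len(".conf")]
    return term


def expand(typed, normalize=False):
    """Model of keyword expansion: '<keyword> <term>' -> URL, or None.

    None means the input would not trigger a keyword engine (unknown
    keyword, or nothing typed after the keyword).
    """
    keyword, _, term = typed.strip().partition(" ")
    template = ENGINES.get(keyword)
    term = term.strip()
    if template is None or not term:
        return None
    if normalize:
        term = normalize_conf_name(term)
    # Percent-encode so a space or slash in the term cannot alter the path.
    # Assumption: simplified; real browsers apply their own encoding rules.
    url = template.replace("%s", quote(term, safe=""))
    if "://" not in url:
        url = "https://" + url  # assumption: scheme added for a complete URL
    return url


if __name__ == "__main__":
    # Constructed sample inputs, as they would be typed into the address bar.
    for typed in ("conf transforms", "spec props.conf", "conf", "docs inputs"):
        print(f"{typed!r:20} -> {expand(typed, normalize=True)}")
```

Without normalization, typing spec props.conf lands on a path ending in props.confconf, which is why the term should be the bare file name.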

Enhancing Chrome with HTML5 Anchors

If you’ve been looking for a way to customize your search engines even further, now you can. Welcome to a quick upgrade to searching Splunk Docs, with new highlighting features.

You may have been in a position before where you had to quote or link to a specific point in the page, illustrating that yes, a certain stanza entry uses camel case rather than underscores, or has some other oddity. Introducing a custom Google search engine modification that allows you to type in a spec file identifier along with the start and end text to highlight.

Chrome → Preferences
Search Engines → Custom Search Engines
Add a new engine, Name and keyword as you like.

In the site, paste the following:

You can use as many $s{[N]} entries as you like. The engine separates by spaces, so the first keyword here is the conf file, the second keyword is the start text, and the third is the end text. When using this search engine, Chrome only recognizes the Shift+Enter combination, but it does work:
