Keyword 2.0

I have written about this app on several occasions after a major update. It's time to do it again.

For those of you who may have not used this app, the Keyword App on Splunkbase is a set of 12 dashboards that allows a user to simply enter keyword(s) (such as Error or fail*) into forms and instant analytics happen for your query without having to understand field extractions or the Splunk Processing Language. It is designed to be self explanatory.

I have updated the app and tested it in Splunk 6.6 with the newest feature being a form dashboard contributed by Splunker Hutch Hutchinson. He calls it the easy button because all you have to do pick your index(es), sourcetype(s), and it will find occurances of failures, errors, exceptions, etc in your events. You can also put in additional keywords. A screenshot of it in action will illustrate usage:

It is the easy button to do your searches as you do not need to know how to input your index or sourcetype from a Splunk command line in the browser. I actually took Hutch's index input and put in for every form as we found out that Keyword is not just for first time users, who start off by putting everything in the main index. Enjoy.