Splunk Quick Search in Chrome with OffiDocs

DESCRIPTION:

Run the Chrome online web store extension Splunk Quick Search using OffiDocs Chromium online.

Perform Splunk searches on highlighted text

Allow users to instantly search selected text in their Splunk instance with a simple right-click. The extension adds a 'Search in Splunk' option to Chrome's context menu, which automatically executes a search in Splunk using the selected text and displays the results in a popup window with intelligent grouping of similar events.

Features
- Right-click any selected text to search in Splunk
- Grouped results view with pattern detection and counts
- Token-based authentication for secure access
- Customizable search templates and time ranges
- Results displayed in a convenient popup window
- Built-in debug tools for troubleshooting

Configuration
- Configure the following settings:
- Splunk API URL: Your Splunk API endpoint (e.g., https://splunk.company.com:8089)
- Splunk UI URL: Your Splunk web interface URL (e.g., https://splunk.company.com:8000)
- Authentication Token: Your Splunk authentication token
- Search Template: Search query template (default: index=* $SELECTION$)
- Time Range: Time range for searches (default: -24h@h)
- Max Results: Maximum number of results to fetch (default: 1000)

Getting a Splunk Token
- Log into your Splunk instance
- Navigate to Settings → Tokens
- Click "New Token"
- Set appropriate permissions (search capability required)
- Copy the token value (without any prefix)

Usage
- Select any text on a webpage
- Right-click the selected text
- Choose "Search in Splunk: 'your selected text'"
- View results in the popup window

Results View Features
- Grouped Results: Similar log entries are grouped with occurrence counts
- Pattern Detection: Automatically identifies and groups similar messages
- Expandable Details: Click on any group to see individual instances
- Search Highlighting: Your search terms are highlighted in yellow
- Quick Stats: View total results and unique patterns at a glance
- Open in Splunk: Click to open the full search in Splunk UI

Example Workflow
- Select Text: Highlight a URL, error message, or any text you want to search
- Right-Click: Open the context menu
- Search: Click "Search in Splunk: 'https://mobile.events.data.microsoft.com'"
- View Results: See grouped results with pattern counts

Troubleshooting & Common Issues "Authentication failed" error
-Verify your token is correct
- Ensure token has search permissions
- Check if token has expired
- "Network error" or SSL certificate issues
- Self-signed certificates is not supported
- Verify the API URL is accessible from your network
- Check your search template syntax
- Verify the time range includes relevant data
- Ensure your token has access to the searched indexes

Debug Tools
- Click "Troubleshooting & Debug" in the extension popup
- Use the debug page to:
- Test your Splunk connection
- View stored configuration
- Check for errors in the console

Splunk Quick Search web extension integrated with the OffiDocs Chromium online