Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to monitor Splunk dashboard usage using internal Splunk log files?

tries
Path Finder
‎08-04-2014 01:07 AM

I have a dashboard with the following specs and like to see how often this dashboard is used :

SPECS (Dashboard):
1 input (text) - where user can type in a email address
~20 search panels which generates charts/reports depending on the email address which is typed into the input field

I like to monitor, using the internal Splunk log files, how often the dashboard is used. Each time the dashboard is used with a filled input the count should be increased by one.

Example (for new usage):
- User is typing in manually a new email address inside the dashboard
- User is using a link to the open that dashboard where an email address is already included as a parameter

I didn't find a proper way yet. I thought this muss be possible using the _internal Splunk log files but it didn't seem so. I tried using the web_access.log and remote_searches.log but both sources couldn't show me a valid result.

Any ideas ?

Thanks,
Thorsten

0 Karma
Reply

jdastmalchi_spl
Splunk Employee
Splunk Employee
‎08-18-2014 08:19 AM

With the assumption that the events in the logs that are within 2 minutes of eachother this should give you the infor you want. replace <myappname> and <mydashboard> with the appropriate app_name and dashboard_name.


index=_internal source=*/web_access.log*
| search "/app/" AND "POST"
|rex "\/\/\w+\:\d{4}\/en-US\/app\/(?<app>\w+)\/(?<view_name>\w+)"
|search app="<myappname>" AND view_name="<mydashboard>"
| transaction referer maxspan=2m
|table _time,app,view_name,user,form_email

or


index=_internal source=*/web_access.log*
| search "/app/" AND "POST"
|rex "\/\/\w+\:\d{4}\/en-US\/app\/(?<app>\w+)\/(?<view_name>\w+)"
|search app="<myappname>" AND view_name="<mydashboard>"
| transaction referer maxspan=2m |timechart count(form_email) by user

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...