- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How to schedule customized dashboard views to grou...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have a form Dashboard that allows me to see different queries and visualization based on a Parameter (a Group Name).
I know I can't schedule such a Dashboard for PDF delivery, but I need to somehow find an alternative.
Basically, I need to send a customized Dashboard for every Group Name to a different Group of People (a list of a couple of email addresses per Group Name).
The Workaround I have now in mind is to use a script that takes a Group Name list, creates on the filesystem (in the appropriate /etc/apps/ folder) a custom Dashboard based on a template, and creates in the same way a scheduled view (I may also need to create customized scheduled searches to populate the Dashboard because of a bug in the pdf renderer...).
Has anybody else solved a similar Problem?
Are there any tips or tricks on how to do it?
Are the creation of custom Dashboards and searches better done by manipulating the config files, or through the CLI or API?
Thanks in advance for any Feedback!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A dashboard in Splunk can be scheduled to be delivered as PDF per email to a list of email addresses.
This works well, but only for static dashboards (simple XML dashboards without Form elements), i.e. it is not possible to give parameters to the scheduler to change the queries or the destination emails.
I wrote a script that can be run on the splunk server (search head) that will:
Based on a csv list of parameters and templates :
- create saved searches for every pannel for every dashboard to be generated
- create a dashboard for every parameter set
- schedule the dashboard for delivery following date/hour and email parameters
- force a refresh of splunk to consider the new dashboards and schedule without restarting splunk
Here's my script:
https://github.com/grundsch/mass_reports_for_splunk
It's still quite ugly, but works! 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A dashboard in Splunk can be scheduled to be delivered as PDF per email to a list of email addresses.
This works well, but only for static dashboards (simple XML dashboards without Form elements), i.e. it is not possible to give parameters to the scheduler to change the queries or the destination emails.
I wrote a script that can be run on the splunk server (search head) that will:
Based on a csv list of parameters and templates :
- create saved searches for every pannel for every dashboard to be generated
- create a dashboard for every parameter set
- schedule the dashboard for delivery following date/hour and email parameters
- force a refresh of splunk to consider the new dashboards and schedule without restarting splunk
Here's my script:
https://github.com/grundsch/mass_reports_for_splunk
It's still quite ugly, but works! 🙂
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
