Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create dashboards so they update/refresh search results?

CREVITCH
Path Finder
‎01-19-2016 02:56 PM

I save dashboards from both search and report, and it appears that the dashboards run the search every time it is brought up, but does not refresh after that. I have read that it is supposed to display the cached search. What is the proper way to create dashboards so that they update properly. Is there a way to do this from Splunk Web or only in XML?

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎01-19-2016 03:30 PM

Save your searches as reports (saved searches) and use the saved search name in your dashboards. The results of a saved search are kept in the dispatch directory for twice as long as your search timeframe, i.e. if you search over the past 4 hours, search results will be cached for 8 hours (by default) before being reaped.
Not sure what you meant with your second question in your comment.

0 Karma
Reply

CREVITCH
Path Finder
‎01-19-2016 02:57 PM

also is there any way to just display the results of an alert on a dashboard? The schedule is already in the alert. It would be nice to just display the results rather than create a new search.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...