Splunk Search

How to search for dashboards and reports created by a specific user/owner?

vinodsinha
Explorer

Hi Team,

I was looking for reports, searches, saved searches, and Dashboards created by specific users/owners.
Some of the users/owners left the company, but reports and dashboards still exist in Splunk. So, I need to find those dashboard and reports.

Thanks,

1 Solution

chimell
Motivator

Hi
Try this in splunk web
Go to
1-Settings-->All Configuration
2-In the All configuration page , select All in App context dropdown and your user name in Owner dropwdown then you will see the list of reports and dashboards that user has created

0 Karma

ngatchasandra
Builder

somesoni2
SplunkTrust
SplunkTrust

Try something like this

| rest /servicesNS/PutUserNameHere/-/data/ui/views | table author title eai:acl.app | eval Type="Dashboard" | append [| rest /serviceNS/PutUserNameHere/-/saved/searches | table author title eai:acl.app | eval Type="SavedSearch/Report"] | rename author as Owner title as Name eai:.acl.app as AppName 
0 Karma

svarathan_splun
Splunk Employee
Splunk Employee

Thanks for the Query, worked great - I just found two typos:

| rest /servicesNS/-/-/data/ui/views | table author title eai:acl.app | eval Type="Dashboards" | append [| rest /servicesNS/-/-/saved/searches | table author title eai:acl.app | eval Type="SavedSearch/Report"] | rename author as Owner title as Name eai:acl.app as AppName

0 Karma

vinodsinha
Explorer

Executed above query and getting below error:-
Failed to fetch REST endpoint uri=https://127.0.0.1:8089/servicesNS/kavithasr/-/data/ui/views?count=0 from server=https://127.0.0.1:8089

0 Karma

somesoni2
SplunkTrust
SplunkTrust

Are you trying to run the command of Splunk Cloud trial OR does your user role has permission to run REST command?? (I guess you need admin_all_objects capability)

0 Karma

vinodsinha
Explorer

my account has splunk admin privilege and we are using Splunk Cloud Licences version.

other REST command is working fine for me

0 Karma

vinodsinha
Explorer

while executed above query getting error

22 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors.

Failed to fetch REST endpoint uri=https://127.0.0.1:8089/servicesNS/PutUserNameHere/-/data/ui/views?count=0 from server=https://127.0.0.1:8089
The limit has been reached for log messages in info.csv. 27 messages have not been written to info.csv. Please refer to search.log for these messages or limits.conf to configure this limit.
0 Karma

somesoni2
SplunkTrust
SplunkTrust

Seems like permission issue only. Check with your Splunk admin if you've permissions to run REST command and if not (surely) then request to get that.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...