Splunk Search

Does Splunk have a collaborative notebook capability?

eugenek
Path Finder

We're looking for a capability similar to IPython or Apache Zeppelin, where queries can live together with documentation and users can collaboratively work on them. Is there anything like that out there for Splunk?

pmeyerson
Path Finder

EDIT: check the Splidgets apps on splunkbase too! https://splunkbase.splunk.com/app/3648/
https://splunkbase.splunk.com/app/3647/ May give some hints if it doesn't solve your problem.

Also saw this blogpost on using dashboards to update a kvstore: https://www.hurricanelabs.com/splunk-tutorials/building-a-crud-dashboard-utilizing-a-kv-store-in-spl...

Just saw this, someone wrote a way to connect to splunk using the SDK, from within a jupyter notebook. Maybe this is what you're looking for. https://github.com/dformoso/splunk-jupyter

0 Karma

eugenek
Path Finder

The splunk-jupyter project looks interesting. Will have to take a look.

0 Karma

pwmcintyre
Explorer

This is a killer feature i hope they're working on in the background. Currently the SPL doesn't even support comments, let alone documentation. The closest thing would be shared saved searches, but after using notebooks, saved searches are miles behind.

0 Karma

esix_splunk
Splunk Employee
Splunk Employee
0 Karma

lycollicott
Motivator

That link is broken, but no, I'm not trying to add comments to searches.

0 Karma

lycollicott
Motivator

I created an application of documentation which has dashboards of HTML panels of the documentation and other dashboards which dynamically list some basic info about our indexes and sourcetypes. It is possible. (I don't have a scrubbed shell of it to share yet - but that is on my end less todo list!)

alt text

Masa
Splunk Employee
Splunk Employee

+1 as a good one 🙂

I thought eugenek is looking for a feature like you write dashboard code and show the dashboard, also add comment to explain it in one page. Dynamically you can change the code and change result of dashboards. I know IPython can do it.

I still like your custom feature 🙂

0 Karma

lycollicott
Motivator

I've thought about trying to do something where you fill in a form that would populate a lookup or maybe even an index that would be read and tokenized back into the dashboard, but so little time. I'll probably be retired before I get around to that.

0 Karma

eugenek
Path Finder

I was looking for something where, rather than documenting a finished product, you could have a working document with embedded queries. Take a look this as an example (you can skip to 0:35)
http://go.databricks.com/videos/collaboration-in-databricks

0 Karma

Masa
Splunk Employee
Splunk Employee

Are looking for some documentation feature to show both comments and source code with dashboards view? Splunk Core does not ship such feature. But, maybe you can see possibilities in Splunk 6.x Dashboard Examples (https://splunkbase.splunk.com/app/1603/ ). Again, Splunk itself does not ship the feature you're looking for. As you might know, Splunk's Simple XML feature to avoid writing codes to develop dashboards by moving or adding component is main stream of Splunk core feature. For advanced dashboards using javascript, css and even backend custom rest calls, currently there is no IDE tool like IPython.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...