Dashboards & Visualizations

Dashboards using Real Time Searches

gagandeep_arora
Path Finder

I am looking for a search to find what all Dashboards are using Real Time Searches.

Tags (1)
0 Karma
1 Solution

woodcock
Esteemed Legend

Like this:

|rest/servicesNS/-/-/data/ui/views
| regex eai:data="<earliest>rt"
| table splunk_server disabled title eai:acl.app eai:appName id

View solution in original post

woodcock
Esteemed Legend

Like this:

|rest/servicesNS/-/-/data/ui/views
| regex eai:data="<earliest>rt"
| table splunk_server disabled title eai:acl.app eai:appName id

gagandeep_arora
Path Finder

Hello Woodcock, I am getting below out put but unable to correlate. Can you please explain a bit - What it is referring to:
disabled title eai:acl.app eai:appName id
0 simple_search_realtime simple_xml_examples simple_xml_examples https://127.0.0.1:8089/servicesNS/nobody/simple_xml_examples/data/ui/views/simple_search_realtime

0 splunk_performance_metrics em_ss_portal_app em_ss_portal_app https://127.0.0.1:8089/servicesNS/nobody/em_ss_portal_app/data/ui/views/splunk_performance_metrics

0 Karma

woodcock
Esteemed Legend

What is there to correlate? You have the name of the search and the app that it is in. Just go look at it.

0 Karma

gagandeep_arora
Path Finder

Got it, The only confusion was from the applications are coming "https://127.0.0.1:8089" doesnt make sense to me as I have 4 different Search Head Clustered environment.

I found the solution, Your query works fine here, I just molded it to get more information relevant to the exact searchhead by using field (splunk_server) in the table.

Thanks.

woodcock
Esteemed Legend

Ah, now I see what you mean; I updated my answer, too.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi gagandeep_arora,
as my previous answer:
use Splunk Distributed Monitoring Console App to monitor your search activity.
In addition you could use Search Activity App (https://splunkbase.splunk.com/app/2632/) but it isn't so easy to configure.

Bye.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...