Splunk Search

How do I show default search app's dashboard

jangid
Builder

How do I display the default search app in my app?

http://mjserver:8000/en-US/app/search/dashboard_live

Within my app I want to show dashboard_live and display all data (SourceType, source, host, etc.) related to my apps only

Thanks

1 Solution

MHibbin
Influencer

You should probably start by looking at the properties of the XML that is generating the "dashboard_live" view; this will show you what searches/saved searches have been used to populate the tables.

You should start with the XML, you can do this quickly from the dashboard_live view by adding "?showsource=1" to the end of the URL, e.g.

http://mjserver:8000/en-US/app/search/dashboard_live?showsource=1

After doing this, you have the raw XML that can be used to copy into a new view within your own app. Or more simply... You can also clone the dashboard_live view via the manager (Manager >> User Interface >> Views >> clone dashboard_live to your app with a new name), and then modify the searches in the newly cloned view to filter results as per your requirements.

I would not recommend changing Splunk's view/searches directly; I would simply "copy and paste" into a new view/search.

It's not a particularly hard task, but you will just need to filter out your app's events in the searches (perhaps by adding a relevant index in the search or specific source/sourcetype/host combinations, where appropriate).

Hope this helps,

MHibbin


