- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How do I show default search app's dashboard
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How Do I display default search app in my app?
http://mjserver:8000/en-US/app/search/dashboard_live
Within my app I want to show dashboard_live and display all data(SourceType, source, host, etc..) related to my apps only
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should probably start by looking the properties of the XML that is generating the "dashboard_live" view, this will show you what searches/saved searches have been used to populate the tables.
You should start with the XML, you can do this quickly from the dashboard_live view by adding "?showsource=1" to the end of the URL, e.g.
http://mjserver:8000/en-US/app/serach/dashboard_live?showsource=1
After doing this, you have the raw XML that can used to copy into a new view within your own app. Or more simply... You can also clone the dashboard_live view via the manager (Manager >> User Interface >> Views >> clone dashboard_live to your app with a new name), and then modify the searches in the newly cloned view, to filter results as per your requirements.
I would not recommend changing Splunks's view/searches directly, I would simply "copy and paste" into a new view/search.
It's not a particularly hard task, but you will just need to filter out your app's events in the searches (perhaps by adding a relevant index in the search or specific source/sourcetype/host combinations, where appropriate).
Hope this helps,
MHibbin
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should probably start by looking the properties of the XML that is generating the "dashboard_live" view, this will show you what searches/saved searches have been used to populate the tables.
You should start with the XML, you can do this quickly from the dashboard_live view by adding "?showsource=1" to the end of the URL, e.g.
http://mjserver:8000/en-US/app/serach/dashboard_live?showsource=1
After doing this, you have the raw XML that can used to copy into a new view within your own app. Or more simply... You can also clone the dashboard_live view via the manager (Manager >> User Interface >> Views >> clone dashboard_live to your app with a new name), and then modify the searches in the newly cloned view, to filter results as per your requirements.
I would not recommend changing Splunks's view/searches directly, I would simply "copy and paste" into a new view/search.
It's not a particularly hard task, but you will just need to filter out your app's events in the searches (perhaps by adding a relevant index in the search or specific source/sourcetype/host combinations, where appropriate).
Hope this helps,
MHibbin
Introducing the Splunk Community Dashboard Challenge!
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...
