- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How do I show default search app's dashboard
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How Do I display default search app in my app?
http://mjserver:8000/en-US/app/search/dashboard_live
Within my app I want to show dashboard_live and display all data(SourceType, source, host, etc..) related to my apps only
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should probably start by looking the properties of the XML that is generating the "dashboard_live" view, this will show you what searches/saved searches have been used to populate the tables.
You should start with the XML, you can do this quickly from the dashboard_live view by adding "?showsource=1" to the end of the URL, e.g.
http://mjserver:8000/en-US/app/serach/dashboard_live?showsource=1
After doing this, you have the raw XML that can used to copy into a new view within your own app. Or more simply... You can also clone the dashboard_live view via the manager (Manager >> User Interface >> Views >> clone dashboard_live to your app with a new name), and then modify the searches in the newly cloned view, to filter results as per your requirements.
I would not recommend changing Splunks's view/searches directly, I would simply "copy and paste" into a new view/search.
It's not a particularly hard task, but you will just need to filter out your app's events in the searches (perhaps by adding a relevant index in the search or specific source/sourcetype/host combinations, where appropriate).
Hope this helps,
MHibbin
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should probably start by looking the properties of the XML that is generating the "dashboard_live" view, this will show you what searches/saved searches have been used to populate the tables.
You should start with the XML, you can do this quickly from the dashboard_live view by adding "?showsource=1" to the end of the URL, e.g.
http://mjserver:8000/en-US/app/serach/dashboard_live?showsource=1
After doing this, you have the raw XML that can used to copy into a new view within your own app. Or more simply... You can also clone the dashboard_live view via the manager (Manager >> User Interface >> Views >> clone dashboard_live to your app with a new name), and then modify the searches in the newly cloned view, to filter results as per your requirements.
I would not recommend changing Splunks's view/searches directly, I would simply "copy and paste" into a new view/search.
It's not a particularly hard task, but you will just need to filter out your app's events in the searches (perhaps by adding a relevant index in the search or specific source/sourcetype/host combinations, where appropriate).
Hope this helps,
MHibbin
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
