The idea is to have a display of a rolling log / tail -f .
This could be very useful to me in tracking the live output of some machines performing batch / background operations.
Yes, you can do that. If you want to to do this in search, just pick in time presets REAL-TIME - All time (real-time). Or you could save it as report/panel to include it in your dashboard.
You can see demo in Splunk Dashboard Examples App - Real-time Search
Yes, you can do that. If you want to to do this in search, just pick in time presets REAL-TIME - All time (real-time). Or you could save it as report/panel to include it in your dashboard.
You can see demo in Splunk Dashboard Examples App - Real-time Search
if you want to refresh panel or whole dashboard then you can do it -
<form refresh="300">
OR
<panel>
<chart>
.....
<option name="refresh.auto.interval">300</option>
.....
</chart>
....
Refer this- http://docs.splunk.com/Documentation/Splunk/6.3.0/Viz/PanelreferenceforSimplifiedXML#Dashboards_and_...