How can I have one query for both a dashboard and an alert?

tb5821
Communicator

I want to have a query on my dashboard and also an alert for the same query, but when it comes to updates, I don't want to have to update it in two places... what's the best way to accomplish this?

0 Karma
1 Solution

gcusello
SplunkTrust

Hi tb5821,
did you try with a macro?
in other words: create a macro and use it both in dashboard and alert.
In this way you have only one point to manage.
Bye.
Giuseppe

0 Karma

gowtham495
Path Finder

See if you can do it this way:

  1. Create a Report with your search query and schedule it.
  2. Create a Dashboard and add a panel containing that Report.
  3. In Dashboard, Export >> Schedule PDF Delivery >> here you can edit settings like those of an alert (for example: to, cc, cron, message, etc.)

This way, at the time of any updates, you can edit the Report alone. Other things will be automatically taken care of.

0 Karma

tb5821
Communicator

Looks like going this route doesn't allow for the 'scheduled report' to support Trigger Conditions or throttling of the report alert like it would with a 'regular' alert.
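
The macro approach from the accepted answer, sketched as configuration (an added example, not posted by anyone in this thread). The macro name `failed_logins_base`, the index, field names, threshold and e-mail address are assumptions; the alert stanza carries its own trigger condition and throttling, the concern raised in the reply above.

```ini
# macros.conf: single definition of the shared base search
# (hypothetical macro name, index and fields)
[failed_logins_base]
definition = index=auth action=failure | stats count AS failures BY user, src
iseval = 0

# savedsearches.conf: the alert calls the macro instead of repeating the SPL
[Alert - Excessive failed logins]
search = `failed_logins_base` | where failures > 20
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now
# Trigger condition: fire when the search returns at least one row
counttype = number of events
relation = greater than
quantity = 0
# Alert per result so that throttling can key on fields
alert.digest_mode = 0
# Throttling: suppress repeats for the same user/src pair for one hour
alert.suppress = 1
alert.suppress.period = 1h
alert.suppress.fields = user,src
alert.track = 1
action.email = 1
action.email.to = soc@example.com

# Dashboard panel: the Simple XML <query> element calls the same macro,
# with the time range taken from the dashboard's own time picker:
#   `failed_logins_base` | sort - failures
```

Editing `definition` in the macro changes the base search for both the alert and the panel; the macro's permissions must make it visible to the app that holds the dashboard and the alert.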
