All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to add a filter to a dashboard in Palo Alto Networks App for Splunk?

heathramos
Path Finder
‎03-09-2017 07:44 AM

I was wondering if it was possible to add a filter to one of the dashboards in the Palo Alto Networks App for Splunk?

I want to be able to filter the traffic dashboard by src_zone.

I can, of course, drilldown and filter within the search but I want the filter to be on the dashboard.

I have never created or altered a dashboard before.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎03-09-2017 08:27 AM

I would make a copy of it and edit that. Go to Settings -> Searches, Reports, and Alerts -> select your app in the App Context listbox in the upper-left -> in the search bar on the upper-right, search for your dashboard, when you find it -> Clone -> then click Run -> then Edit and go from there.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎03-09-2017 08:27 AM

I would make a copy of it and edit that. Go to Settings -> Searches, Reports, and Alerts -> select your app in the App Context listbox in the upper-left -> in the search bar on the upper-right, search for your dashboard, when you find it -> Clone -> then click Run -> then Edit and go from there.

0 Karma
Reply
Solved! Jump to solution

heathramos
Path Finder
‎03-09-2017 09:55 AM

I can't find that dashboard in Settings -> Searches, Reports, and Alerts

If I go back to the dashboard within the app and select edit permissions, I get the following info:

Dashboard: Traffic Dashboard
Owner: nobody
App: SplunkforPaloAltoNetworks

Not sure where to find it.

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎03-09-2017 11:14 AM

When you run the dashboard, take the string on the URL bar from the last / through to the ? and that is the name of the dashboard. Then go to Searches, Reports, and Alerts and paste that name string in the search box.

Alternatively, replace everything after the ? with showsource=true and copy the XML and then just paste it into your own "new" dashboard.

0 Karma
Reply
Solved! Jump to solution

heathramos
Path Finder
‎03-09-2017 01:27 PM

I was able to clone it, find the cloned dashboard and alter the XML but how do you add it to the menus so I can run the customized version within the app?

0 Karma
Reply
Solved! Jump to solution

heathramos
Path Finder
‎03-09-2017 02:25 PM

nevermind...got that to work

had to add the view to the user interface

thanks for the help

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...