Archive

Create a Dashboard With a List of Alerts or Reports

Path Finder

So according to our admins there isn't an easy way to nest alerts on the "Alerts" page. I have a number of departmental alerts and I just have to keep scrolling down to get to some of them. I start each alert using a naming convention so they are grouped on the page, but it's annoying to scroll through dozens of alerts. Is there a way to create a dashboard I can lump each area's alerts into a panel that I can click on? So alerts for "Marketing" in one panel. Alerts for "IT" in another panel. It would just be easier for me to navigate alerts for specific areas that way. Thanks.

Tags (1)
0 Karma

SplunkTrust
SplunkTrust

Try this search : | rest /services/saved/searches | table title

<dashboard>
  <label>test1</label>
  <row>
    <panel>
      <table>
        <search>
          <query>| rest /services/saved/searches | table title</query>
          <earliest>0</earliest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
        <drilldown>
          <link target="_blank">alert?s=%2FservicesNS%2Fnobody%app_name%2Fsaved%2Fsearches%2F$click.value$</link>
        </drilldown>
      </table>
    </panel>
  </row>
</dashboard>

This will give you list of all saved searches which you can point to specific alert using dashboard drilldown.

The drilldown is

<link target="_blank">alert?s=%2FservicesNS%2Fnobody%app_name%2Fsaved%2Fsearches%2F$click.value$</link>

You need to find the link and paste it.

0 Karma