Dashboards & Visualizations

Can I retrieve job.sid with simple xml in Splunk Ent 6.1

CarlAus
Loves-to-Learn Lots

We are still running Enterprise 6.1, and I am unable to locate the relevant documentation.
I would like to know if I can access the job.sid using simple xml, and if so what the syntax might be.

I gather I am restricted to the <searchString> element as <search> & <query> are not relevant to version 6.1,

Any assistance would be most appreciated.

Labels (2)
Tags (2)
0 Karma

tscroggins
Influencer

It's been a long time, but you may find what you need in $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/schema. The directory may be different, but there should be a simplexml.xsd schema file floating around to help you find elements, attributes, etc. The dashboard code is in search_mrsparkle as something like dashboard_*.js. You may need to de-minify the source, but you can search it and related files to see which built-in tokens are available.

0 Karma

CarlAus
Loves-to-Learn Lots

**at least I believe the <search> & <query> are not applicable to version 6.1!?

0 Karma

bowesmana
SplunkTrust
SplunkTrust

I am not sure when they came in, but looking at a Splunk 7 instance I have, there is a mix of searchString and <search><query> in the same dashboard.

Can you try converting the <searchString> to search/query and then addding an event handler outside the <query>, i.e.

<search>
  <query>
    your_search
  </query>
  <finalized>
    <set token="job_sid">$job.sid$</set>
  </finalized>
</search>

Not sure when/if finalized was changed to <done>, but I have seen <preview> and <progress> event handlers in old dashboards along with <finalized>.

See if any of this works.

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...