Dashboards & Visualizations

Can you use the Splunk REST API or Javascript SDK to create dashboards in Splunk using the XML sources?

w22chaudh
New Member

Hi,

I'm trying to automate restoring splunk dashboards from their xml source. I've found the xml sources for my dashboards in
$SPLUNK_HOME/etc/apps/search/local/data/ui/views. I'd like to keep a copy of these in git and have a script that would utilize the splunk REST API or Javascript SDK to populate the dashboards into my splunk using the xml sources. So my question is if the splunk API or Javascript SDK allows for this?

0 Karma
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

Yes.

The relevant REST endpoint is /servicesNS/user_name/app_name/data/ui/views/view_name, but I'm afraid its docs are missing from docs.splunk.com/Documentation/Splunk/6.2.0/RESTREF/RESTknowledge so you'd have to go and guess/reverse-engineer the correct parameters. Do submit feedback at the bottom of that page to let the docs team know.

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

Yes.

The relevant REST endpoint is /servicesNS/user_name/app_name/data/ui/views/view_name, but I'm afraid its docs are missing from docs.splunk.com/Documentation/Splunk/6.2.0/RESTREF/RESTknowledge so you'd have to go and guess/reverse-engineer the correct parameters. Do submit feedback at the bottom of that page to let the docs team know.

frobinson_splun
Splunk Employee
Splunk Employee

Thank you, @martin_mueller and @amrit, for your discussion of these endpoints. FYI, there is now documentation for /views and /views/{name} here:
http://docs.splunk.com/Documentation/Splunk/6.3.0/RESTREF/RESTknowledge#data.2Fui.2Fviews

0 Karma

vamsy7
Engager

Hi. Is there any way to retrieve the data from dashboard using REST API.
/servicesNS/user_name/app_name/data/ui/views/view_name, this URL will give us the info about the dashboard.
i want the data to be pulled from dashboard.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

You should ask a separate question, @vamsy7.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Like this:

$ curl -k -u admin:changeme https://localhost:8089/servicesNS/admin/search/data/ui/views -d "name=foo&eai:data=<dashboard><label>weeee</label></dashboard>"

Creating a knowledge object always is a POST to the root of the knowledge object with a name passed as a parameter, modifying is a POST to that knowledge object itself with the name in the path.

martin_mueller
SplunkTrust
SplunkTrust

Say you have a dashboard called curl owned by admin privately in the search app. Then you can run this to overwrite its XML:

$ curl -k -u admin:changeme https://localhost:8089/servicesNS/admin/search/data/ui/views/curl -d "eai:data=<dashboard><label>weeee</label></dashboard>"

deanilol
Explorer

awesome answer!

how could the cURL command look if I want to create a new dashboard using POST. Tried to do it the way Amrit tells it but I get "argument is not supported by this handler".

This would help me alot!!

0 Karma

deanilol
Explorer

I'm looking for the same thing. Let's say I wan't to change the XML source, how could my cURL command look like?

Thanks!

0 Karma

amrit
Splunk Employee
Splunk Employee

Martin's right. Per the special auto-doccing URL /servicesNS/user_name/app_name/data/ui/views/_new , the required parameters are eai:data and the implicit name. You can accomplish a Create by POSTing to views/my_view_name and specifying the raw XML content in the eai:data parameter.

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...