- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Dashboards created in Splunk 6.2 are not rendered ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dashboards created in Splunk 6.2 are not showing up correctly on Splunk Mobile App. However, dashboards that were created in an older version of Splunk (ver. 6.1) are rendered correctly (but the time picker is defaults to "All Time" even when the default is set to "Today").
After some investigation I've noticed that dashboards created in Splunk 6.2 uses different XML tags compared to the Splunk 6.1. See examples below:
Splunk 6.1:
<dashboard>
<label>Dashboard: Foobar</label>
<row>
<panel>
<chart>
<searchString>index=foo foobar by foobar_type </searchString>
<earliestTime>-7d@h</earliestTime>
<latestTime>now</latestTime>
....
Splunk 6.2:
<dashboard>
<label>Dashboard: Foobar</label>
<row>
<panel>
<chart>
<search>
<query>index=foo foobar by foobar_type</query>
<earliest>@d</earliest>
<latest>now</latest>
</search>
The workaround right now is to manually edit the source and use the old XML tags (Splunk 6.1) to display the report.
But the Time Picker drop down is still not rendered correctly in Splunk Mobile App.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I faced the same issue. Finally, I found it is a limitation by design.
We can find the current Mobile Access (1.0.1) supports only 5.0.x, 6.0.x and 6.1.x, NOT 6.2.x.
"Splunk Enterprise version support" topic on Mobile Access 1.0.1 documents.
So, we need to wait newer version Mobile Access which can support 6.2.x.
And I appreciate your workaround information.
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Btw, the Time Picker works in Splunk Mobile App if the old tags are used.
For example, the fieldset tag works when earliestTime and latestTime tags are used.
However, even if you set the default value of the token in the dashoard Splunk Mobile App internally defaults to "All Time". That's why when you first open the dashboard it will run an All Time query. You can cancel the query by picking a new time from the time picker. This can be a performance hog the search head especially if there a lot of Splunk Mobile App users in your Enterprise installation. The quick and dirty workaround is to create dashboards with hardcoded time-range and just label the dashboard accordingly, i.e. Chart (Today), Chart (Yesterday), etc.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I faced the same issue. Finally, I found it is a limitation by design.
We can find the current Mobile Access (1.0.1) supports only 5.0.x, 6.0.x and 6.1.x, NOT 6.2.x.
"Splunk Enterprise version support" topic on Mobile Access 1.0.1 documents.
So, we need to wait newer version Mobile Access which can support 6.2.x.
And I appreciate your workaround information.
Thank you.
Splunk and Fraud
Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey
Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...
