Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Dashboards created in Splunk 6.2 are not rendered correctly in Splunk Mobile App

rdeleonsplunk
Path Finder
‎01-15-2015 10:22 AM

Dashboards created in Splunk 6.2 are not showing up correctly on Splunk Mobile App. However, dashboards that were created in an older version of Splunk (ver. 6.1) are rendered correctly (but the time picker is defaults to "All Time" even when the default is set to "Today").

After some investigation I've noticed that dashboards created in Splunk 6.2 uses different XML tags compared to the Splunk 6.1. See examples below:

Splunk 6.1:

<dashboard>
  <label>Dashboard: Foobar</label>
  <row>
    <panel>
      <chart>
        <searchString>index=foo foobar by foobar_type </searchString>
        <earliestTime>-7d@h</earliestTime>
        <latestTime>now</latestTime>
       ....

Splunk 6.2:

<dashboard>
  <label>Dashboard: Foobar</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=foo foobar by foobar_type</query>
          <earliest>@d</earliest>
          <latest>now</latest>
        </search>

The workaround right now is to manually edit the source and use the old XML tags (Splunk 6.1) to display the report.
But the Time Picker drop down is still not rendered correctly in Splunk Mobile App.

Reply
1 Solution
Solved! Jump to solution
Solution

Suda
Communicator
‎01-16-2015 06:18 PM

I faced the same issue. Finally, I found it is a limitation by design.

We can find the current Mobile Access (1.0.1) supports only 5.0.x, 6.0.x and 6.1.x, NOT 6.2.x.
"Splunk Enterprise version support" topic on Mobile Access 1.0.1 documents.

So, we need to wait newer version Mobile Access which can support 6.2.x.

And I appreciate your workaround information.

Thank you.

View solution in original post

Reply
Solved! Jump to solution

rdeleonsplunk
Path Finder
‎01-17-2015 07:35 AM

Btw, the Time Picker works in Splunk Mobile App if the old tags are used.

For example, the fieldset tag works when earliestTime and latestTime tags are used.

However, even if you set the default value of the token in the dashoard Splunk Mobile App internally defaults to "All Time". That's why when you first open the dashboard it will run an All Time query. You can cancel the query by picking a new time from the time picker. This can be a performance hog the search head especially if there a lot of Splunk Mobile App users in your Enterprise installation. The quick and dirty workaround is to create dashboards with hardcoded time-range and just label the dashboard accordingly, i.e. Chart (Today), Chart (Yesterday), etc.

Reply
Solved! Jump to solution
Solution

Suda
Communicator
‎01-16-2015 06:18 PM

I faced the same issue. Finally, I found it is a limitation by design.

We can find the current Mobile Access (1.0.1) supports only 5.0.x, 6.0.x and 6.1.x, NOT 6.2.x.
"Splunk Enterprise version support" topic on Mobile Access 1.0.1 documents.

So, we need to wait newer version Mobile Access which can support 6.2.x.

And I appreciate your workaround information.

Thank you.

Reply
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...