Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Dashboards using Real Time Searches

gagandeep_arora
Path Finder
‎06-29-2017 09:07 AM

I am looking for a search to find what all Dashboards are using Real Time Searches.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-29-2017 01:39 PM

Like this:

|rest/servicesNS/-/-/data/ui/views
| regex eai:data="<earliest>rt"
| table splunk_server disabled title eai:acl.app eai:appName id

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-29-2017 01:39 PM

Like this:

|rest/servicesNS/-/-/data/ui/views
| regex eai:data="<earliest>rt"
| table splunk_server disabled title eai:acl.app eai:appName id
Reply
Solved! Jump to solution

gagandeep_arora
Path Finder
‎06-29-2017 02:39 PM

Hello Woodcock, I am getting below out put but unable to correlate. Can you please explain a bit - What it is referring to:
disabled title eai:acl.app eai:appName id
0 simple_search_realtime simple_xml_examples simple_xml_examples https://127.0.0.1:8089/servicesNS/nobody/simple_xml_examples/data/ui/views/simple_search_realtime

0 splunk_performance_metrics em_ss_portal_app em_ss_portal_app https://127.0.0.1:8089/servicesNS/nobody/em_ss_portal_app/data/ui/views/splunk_performance_metrics

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎06-29-2017 02:53 PM

What is there to correlate? You have the name of the search and the app that it is in. Just go look at it.

0 Karma
Reply
Solved! Jump to solution

gagandeep_arora
Path Finder
‎06-30-2017 07:51 AM

Got it, The only confusion was from the applications are coming "https://127.0.0.1:8089" doesnt make sense to me as I have 4 different Search Head Clustered environment.

I found the solution, Your query works fine here, I just molded it to get more information relevant to the exact searchhead by using field (splunk_server) in the table.

Thanks.

Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎11-08-2019 07:06 AM

Ah, now I see what you mean; I updated my answer, too.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎06-29-2017 09:13 AM

Hi gagandeep_arora,
as my previous answer:
use Splunk Distributed Monitoring Console App to monitor your search activity.
In addition you could use Search Activity App (https://splunkbase.splunk.com/app/2632/) but it isn't so easy to configure.

Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...