Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Dashboards using Real Time Searches

gagandeep_arora
Path Finder
‎06-29-2017 09:07 AM

I am looking for a search to find what all Dashboards are using Real Time Searches.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-29-2017 01:39 PM

Like this:

|rest/servicesNS/-/-/data/ui/views
| regex eai:data="<earliest>rt"
| table splunk_server disabled title eai:acl.app eai:appName id

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-29-2017 01:39 PM

Like this:

|rest/servicesNS/-/-/data/ui/views
| regex eai:data="<earliest>rt"
| table splunk_server disabled title eai:acl.app eai:appName id
Reply
Solved! Jump to solution

gagandeep_arora
Path Finder
‎06-29-2017 02:39 PM

Hello Woodcock, I am getting below out put but unable to correlate. Can you please explain a bit - What it is referring to:
disabled title eai:acl.app eai:appName id
0 simple_search_realtime simple_xml_examples simple_xml_examples https://127.0.0.1:8089/servicesNS/nobody/simple_xml_examples/data/ui/views/simple_search_realtime

0 splunk_performance_metrics em_ss_portal_app em_ss_portal_app https://127.0.0.1:8089/servicesNS/nobody/em_ss_portal_app/data/ui/views/splunk_performance_metrics

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎06-29-2017 02:53 PM

What is there to correlate? You have the name of the search and the app that it is in. Just go look at it.

0 Karma
Reply
Solved! Jump to solution

gagandeep_arora
Path Finder
‎06-30-2017 07:51 AM

Got it, The only confusion was from the applications are coming "https://127.0.0.1:8089" doesnt make sense to me as I have 4 different Search Head Clustered environment.

I found the solution, Your query works fine here, I just molded it to get more information relevant to the exact searchhead by using field (splunk_server) in the table.

Thanks.

Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎11-08-2019 07:06 AM

Ah, now I see what you mean; I updated my answer, too.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎06-29-2017 09:13 AM

Hi gagandeep_arora,
as my previous answer:
use Splunk Distributed Monitoring Console App to monitor your search activity.
In addition you could use Search Activity App (https://splunkbase.splunk.com/app/2632/) but it isn't so easy to configure.

Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...

What’s New in Splunk Cloud Platform 9.1.2308?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can ...