Dashboards & Visualizations

Dashboards using Real Time Searches

gagandeep_arora
Path Finder

I am looking for a search to find what all Dashboards are using Real Time Searches.

Tags (1)
0 Karma
1 Solution

woodcock
Esteemed Legend

Like this:

|rest/servicesNS/-/-/data/ui/views
| regex eai:data="<earliest>rt"
| table splunk_server disabled title eai:acl.app eai:appName id

View solution in original post

woodcock
Esteemed Legend

Like this:

|rest/servicesNS/-/-/data/ui/views
| regex eai:data="<earliest>rt"
| table splunk_server disabled title eai:acl.app eai:appName id

gagandeep_arora
Path Finder

Hello Woodcock, I am getting below out put but unable to correlate. Can you please explain a bit - What it is referring to:
disabled title eai:acl.app eai:appName id
0 simple_search_realtime simple_xml_examples simple_xml_examples https://127.0.0.1:8089/servicesNS/nobody/simple_xml_examples/data/ui/views/simple_search_realtime

0 splunk_performance_metrics em_ss_portal_app em_ss_portal_app https://127.0.0.1:8089/servicesNS/nobody/em_ss_portal_app/data/ui/views/splunk_performance_metrics

0 Karma

woodcock
Esteemed Legend

What is there to correlate? You have the name of the search and the app that it is in. Just go look at it.

0 Karma

gagandeep_arora
Path Finder

Got it, The only confusion was from the applications are coming "https://127.0.0.1:8089" doesnt make sense to me as I have 4 different Search Head Clustered environment.

I found the solution, Your query works fine here, I just molded it to get more information relevant to the exact searchhead by using field (splunk_server) in the table.

Thanks.

woodcock
Esteemed Legend

Ah, now I see what you mean; I updated my answer, too.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi gagandeep_arora,
as my previous answer:
use Splunk Distributed Monitoring Console App to monitor your search activity.
In addition you could use Search Activity App (https://splunkbase.splunk.com/app/2632/) but it isn't so easy to configure.

Bye.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...