We need to create multiple reports each month for SOX compliance. The search looks like the following:
server01 EventCode="560" Client_Domain="JAMBA" "FY10 Reports" Object_Name!="*.tmp" Object_Name="\.*" Client_User_Name!="*$" Client_User_Name!="!*" | stats count(TimeWritten) as TimesAccessed by Object_Name Client_User_Name Accesses | outputcsv October_AuditGroup8.csv
There are about 20 of these searches that we need to run. I'd like to create a dashboard that will let us choose the start and end date for the search and then run all 20 of the searches, preferably in the background.
Can somebody point me to the documentation that will show me how to do this?
Thx.
Craig
You can do that by building an advanced XML dashboard and adding a time range picker around your searches:
http://www.splunk.com/base/Documentation/latest/Developer/AdvancedFormSearch
http://www.splunk.com/base/Documentation/latest/Developer/ModuleReference#TimeRangePicker
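
A sketch of the layout the answer describes, added here as an example and not taken from the thread or from Splunk's documentation: one TimeRangePicker module wraps a HiddenSearch per report, so every nested search inherits the chosen start and end dates. The view label, panel positions, and group title are assumptions; the search string is the one from the question.

```xml
<!-- Added example (hypothetical view): one time range picker driving several audit searches. -->
<view template="dashboard.html">
  <label>SOX Audit Reports</label>

  <module name="AccountBar" layoutPanel="appHeader"/>
  <module name="AppBar" layoutPanel="navigationHeader"/>
  <module name="Message" layoutPanel="messaging">
    <param name="filter">*</param>
    <param name="clearOnJobDispatch">False</param>
    <param name="maxSize">1</param>
  </module>

  <!-- Modules nested inside the picker receive its earliest/latest times. -->
  <module name="TimeRangePicker" layoutPanel="panel_row1_col1">
    <!-- Dispatch the nested searches as soon as a range is chosen. -->
    <param name="searchWhenChanged">True</param>

    <!-- Report 1: the search from the question, unchanged. The outputcsv
         file name is fixed in the search string, so it does not follow
         the range picked above and is overwritten on each run. -->
    <module name="HiddenSearch" layoutPanel="panel_row2_col1" group="Audit Group 8">
      <param name="search">server01 EventCode="560" Client_Domain="JAMBA" "FY10 Reports" Object_Name!="*.tmp" Object_Name="\.*" Client_User_Name!="*$" Client_User_Name!="!*" | stats count(TimeWritten) as TimesAccessed by Object_Name Client_User_Name Accesses | outputcsv October_AuditGroup8.csv</param>
      <module name="JobProgressIndicator"/>
      <module name="SimpleResultsTable">
        <param name="count">20</param>
      </module>
    </module>

    <!-- Reports 2..20: repeat the HiddenSearch block above as a sibling,
         one per report, each with its own search string and layoutPanel
         (panel_row3_col1, panel_row4_col1, ...). -->
  </module>
</view>
```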