How to delete custom dashboard in a shcluster?

rtongue · ‎01-09-2023

Hi all, I am a very new Splunk admin, and am trying to peel back the onion on the previous admin's shenanigans in this Splunk environment. I have a "dashboard" that was created by a user in the "search" app, and they have requested that I delete the dashboard for them, as they cannot. What is the proper way to do this? The only mention I can find of it is on all 3 search head peers under the path "/opt/splunk/etc/apps/search/local/data/ui/views/${dashboard_name}.xml"

I cannot find it on the cluster master, either in /etc/apps or /etc/shcluster/apps. Please help me figure out what to do next. Is it as simple as just removing that xml from all 3 search heads at the same time? Thanks in advance.

rtongue · ‎01-09-2023

I am an admin, and the UI is missing the option to delete, which I thought was by design, guess not. Also, I cannot find the same dashboard in the master (which is also the deployer). So not sure what to do.

richgalloway · ‎01-09-2023

Interesting. A dashboard in the local folder was created on one of the SHC nodes and should be deleteable using the UI. Make sure your account has the admin_all_objects capability.

If you still can't do it in the UI then delete the file from all SHC member nodes and do a rolling restart of the cluster.

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎01-09-2023

As the admin, you may be able to delete the dashboard from the UI if the user cannot.

If your cluster manager is not also your SHC deployer then look on the deployer for the dashboard, remove it, then apply the shcluster bundle.

---
If this reply helps you, Karma would be appreciated.

How to delete custom dashboard in a shcluster?

dashboard

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?