Dashboards & Visualizations

How to parameterize a time range of dashboard but still schedule PDF delivery?

akuchta
Explorer

I am making a report containing multiple searches. I'd like all the searches to use the same time range.
The intent is to send a daily PDF of the dashboard. In addition but it is likely that individual users will want to view the dashboard interactively and tweak the time range.

I understand that by adding a time input to the dashboard and referencing the correct tokens in the searches, I can parameterize the time range of the dashboard. But from what I understand scheduled PDF delivery is not supported for dashboards with forms.

Any way to get the best of both worlds?

0 Karma
1 Solution

skoelpin
SplunkTrust
SplunkTrust

I'm working on a similar project for conditional PDF delivery of a dashboard. It's pretty ugly but works, here's the workflow

1) Search triggers an alert
2) Alert has script which is triggered on the search head
3) The script stores the search result (from the file system) into a variable inside the script
4) The value selected will determine which PDF file to send and uses relative time to look at the last 15 mins to now
5) The script executes a REST command on the file system to convert the dashboard into a PDF on the file system
6) Send the email to a distro with the PDF attachment

The hardest part is passing the value from the search to the file system. The link below lists arguments which make this possible

http://docs.splunk.com/Documentation/Splunk/7.1.0/Alert/Configuringscriptedalerts#Access_arguments_t...

View solution in original post

ppablo
Retired

Hi @akuchta

Did the answer by @skoelpin solve your question? If yes, please don't forget to resolve the post by clicking "Accept" directly below his answer. If not, please comment with more info to hopefully work towards a final solution.

Thanks!

0 Karma

skoelpin
SplunkTrust
SplunkTrust

I'm working on a similar project for conditional PDF delivery of a dashboard. It's pretty ugly but works, here's the workflow

1) Search triggers an alert
2) Alert has script which is triggered on the search head
3) The script stores the search result (from the file system) into a variable inside the script
4) The value selected will determine which PDF file to send and uses relative time to look at the last 15 mins to now
5) The script executes a REST command on the file system to convert the dashboard into a PDF on the file system
6) Send the email to a distro with the PDF attachment

The hardest part is passing the value from the search to the file system. The link below lists arguments which make this possible

http://docs.splunk.com/Documentation/Splunk/7.1.0/Alert/Configuringscriptedalerts#Access_arguments_t...

akuchta
Explorer

Thanks for the suggestion! I didn't know about some of these other tools.

To clarify, is 5) a call to the Splunk REST API ? If yes, can you link to the API doc for it?

0 Karma

skoelpin
SplunkTrust
SplunkTrust

I got the idea from this post. It's not well documented but gives you the ability to convert to a PDF on the file system. If this answered helped you, can you accept it/upvote?

https://answers.splunk.com/answers/223655/can-i-export-pdf-via-rest.html

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...