I have a form Dashboard that allows me to see different queries and visualization based on a Parameter (a Group Name).
I know I can't schedule such a Dashboard for PDF delivery, but I need to somehow find an alternative.
Basically, I need to send a customized Dashboard for every Group Name to a different Group of People (a list of a couple of email addresses per Group Name).
The Workaround I have now in mind is to use a script that takes a Group Name list, creates on the filesystem (in the appropriate /etc/apps/ folder) a custom Dashboard based on a template, and creates in the same way a scheduled view (I may also need to create customized scheduled searches to populate the Dashboard because of a bug in the pdf renderer...).
Has anybody else solved a similar Problem?
Are there any tips or tricks on how to do it?
Are the creation of custom Dashboards and searches better done by manipulating the config files, or through the CLI or API?
A dashboard in Splunk can be scheduled to be delivered as PDF per email to a list of email addresses.
This works well, but only for static dashboards (simple XML dashboards without Form elements), i.e. it is not possible to give parameters to the scheduler to change the queries or the destination emails.
I wrote a script that can be run on the splunk server (search head) that will:
Based on a csv list of parameters and templates :
- create saved searches for every pannel for every dashboard to be generated
- create a dashboard for every parameter set
- schedule the dashboard for delivery following date/hour and email parameters
- force a refresh of splunk to consider the new dashboards and schedule without restarting splunk