One of the users recently edited a dashboard to change permissions and since then she cannot see it.
I've tried the following commands
index=_internal sourcetype=splunkd_ui_access editxml OR edit method=post ui/views/ OR method=delete ui/views/ | rex field=referer "/(?<edit_type>editx?m?l?)(\?|$)" | rex field=other "\s*?\-\s*(?<sessionId>[\S]+)\s*" | table _time user clientip sessionId edit_type file useragent | rename file as dashboard
On the App, there is nothing on the local folder, only the default dashboard are on the default folder (/splunk/etc/apps/TA-WALLIX_Bastion/default/data/ui/views/)
Is there a local folder containing the dashboards of each user?
Something must've happened to the dashboard (i've only seen an edit action).
Thaks for your help
If it was made private, then it will exist in
The bottom line, just do this to find it:
find $SPLUNK_HOME/etc -name <dashname>.xml