Dashboards & Visualizations

Splunk query or rest API to list down the advanced xml dashboards

Explorer

I want to create an alert to notify the users if they create a dashboard using advance xml or calling a script

0 Karma
1 Solution

Communicator

I would start with this search:

| rest  /servicesNS/-/-/data/ui/views  

The eai:data field should have the dashboard XML, and with that you should be able to regex out what you are looking for.

I'd probably use evals and do something like this:

 | eval contains_adanced_xml=if(match(eai:data, ".*<module .*"), "1", "0")
 | eval contains_script=if(match(eai:data, "<dashboard script=.*>", "1", "0")

You'll likely need to refine those conditionals a little bit, but once those are good you'd be able to just grab the dashboards that meet either condition and setup an alert.

View solution in original post

0 Karma

Communicator

I would start with this search:

| rest  /servicesNS/-/-/data/ui/views  

The eai:data field should have the dashboard XML, and with that you should be able to regex out what you are looking for.

I'd probably use evals and do something like this:

 | eval contains_adanced_xml=if(match(eai:data, ".*<module .*"), "1", "0")
 | eval contains_script=if(match(eai:data, "<dashboard script=.*>", "1", "0")

You'll likely need to refine those conditionals a little bit, but once those are good you'd be able to just grab the dashboards that meet either condition and setup an alert.

View solution in original post

0 Karma

Explorer

This is what i was looking for, thanks a lot

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!