Dashboards & Visualizations

Where to enter source code to remove host from Dashboard?

Ted1621
Observer

I have one host that I want to remove from all my premade dashboards in the Splunk App for AWS Security Dashboards.  Can someone tell me where I would enter this in the source code for the Dashboard so that it always excludes this host? 

Labels (1)
0 Karma

Ted1621
Observer

Thank you @andrew_nelson !  Is there a way that I could just add an "text" input in the dashboard that says src_ip!=10.0.0.1?  I think this is a more scalable way since I have other apps that I would want to exclude the host from as well.

0 Karma

andrew_nelson
Communicator

Yeah, if you have Edit permissions on the dashboards, you can add src_ip!=10.0.0.1 into the searches. 


It could be a lot of work depending on how the dashboard panels are configured. If the dashboard uses a base search, it will be quick enough to do that dashboard. If the dashboard doesn't have a base search, you'll have to edit every single panel.

0 Karma

andrew_nelson
Communicator

Take a look the the macros that come with the app. Settings > Advanced Search > Search Macros
You'll find some index macros like `aws-security-cloudtrail-index`, `aws-security-config-index` etc.  that are used to specify the data used throughout the app.

You can edit these to to add host!="hostabc" and the host should be removed. 

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...