Developing for Splunk Enterprise

Splunk automation

sansmish
Engager

Hello everyone,

I want to automate Splunk.IF I make a dashboard manually and then I want to export it as an xml file.

After that if I make any changes in that xml file and commit the changes ,the changes should get reflected in Splunk dashboard.I don't know how to go about it .any suggestions and ideas are highly appreciated.

Thanks

Labels (1)
0 Karma
1 Solution

gjanders
SplunkTrust
SplunkTrust

In the version control for splunk app https://splunkbase.splunk.com/app/4355/
Or transfersplunkknowledgeobjects https://github.com/gjanders/Splunk

I have code that retrieves and posts back dashboards and other objects. Perhaps the transfer scripts might give you an idea...

View solution in original post

0 Karma

gjanders
SplunkTrust
SplunkTrust

In the version control for splunk app https://splunkbase.splunk.com/app/4355/
Or transfersplunkknowledgeobjects https://github.com/gjanders/Splunk

I have code that retrieves and posts back dashboards and other objects. Perhaps the transfer scripts might give you an idea...

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Getting hold of the SimpleXML is simple enough - you can use the ReST API to retrieve the dashboard definition (See Tom West's video on YouTube https://www.youtube.com/watch?v=B9PuOPfdxd0&t=2858s around the 45minute mark). Getting a modified version back into splunk might be a little bit more tricky.

richgalloway
SplunkTrust
SplunkTrust

I think that falls into the same category as converting an HTML dashboard back into Simple XML - it's a Hard Problem that no one has solved, yet.  Your solution would have to read seemingly random XML and somehow figure out some sequence of Simple XML statements that would produce similar output.  That sounds like PhD work to me.  Export a dashboard then compare the Simple XML to the XML and you'll see what I mean.

---
If this reply helps you, an upvote would be appreciated.
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

<P style=" text-align: center; "><span class="lia-inline-image-display-wrapper lia-image-align-center" ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

<FONT size="5"><FONT size="5" color="#FF00FF">Get the latest news and updates from the Splunk Community ...