We have a number of very useful Splunk dashboards built up for our application. It seems that every time we release, we are surprised to discover that someone inadvertently broke a Splunk dashboard widget because they changed a log line. It would be great to have a dynamically generated, self-updating list for all our dashboards of the log-line fragments, regexes etc. that are used. That way we could refer to this list and easily know in development and reviews when changes are going to break something in Splunk.
Is there an easy way to generate this kind of list? Ideally you would feed it a list of particular dashboards you don't want to break.
There is no built-in way to do that. You could create your own search using |rest /servicesNS/-/-/saved/searches
and | rest /servicesNS/-/-/data/views
and scanning the text of each result for something like quotation marks. You'll still have a ton of false positives to scan by hand.
There is no built-in way to do that. You could create your own search using |rest /servicesNS/-/-/saved/searches
and | rest /servicesNS/-/-/data/views
and scanning the text of each result for something like quotation marks. You'll still have a ton of false positives to scan by hand.
what do you mean with log line in the dashboard context?