Solved: How do you publish a Splunk real-time report?

nageshs · ‎04-02-2015

So I have a real-time report working. I have created a new user whom I want to be able to view (and only view) the report - no changes to settings, etc. How do you publish this? For example, if I was developing a report on BIRT, then I could probably share a URL of the report published to the underlying Tomcat or whatever. In Splunk, I did see there is an option to share the job. But, that URL turns up again as if it was a development IDE. Whereas, I would like to display the real-time report on a large device like a 42" LED TV.

So, how does one publish a Splunk report?

ChrisG · ‎04-02-2015

You can use embedded reports, but on a scheduled basis and not with a real-time search. Are you sure you need a real-time search? Typically, data that you want humans to look at is fine refreshed every minute or five.

View solution in original post

pramit46 · ‎04-02-2015

Real time puts a little stress on the system, and since your application updates in every 5 minutes, why not hitting a scheduled search in every 5 minute and look for the data for last 5 minutes. Try this simple cron to trigger the job in every 5 min.
*/5 * * * *

ChrisG · ‎04-02-2015

You can use embedded reports, but on a scheduled basis and not with a real-time search. Are you sure you need a real-time search? Typically, data that you want humans to look at is fine refreshed every minute or five.

nageshs · ‎04-02-2015

The frequency of my real time search would not be very less; maybe, 1 update in 5 minutes or so. So, yes, a real-time report would be good.

nageshs · ‎04-06-2015

I am able to embed a scheduled report - scheduled to run every 5 mins. Thanks !

How do you publish a Splunk real-time report?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life