Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to find last time-stamp of all dashboard when user has seen dashboard

Susha
Engager
‎09-03-2021 01:07 AM

Hi All,

we have lots of dashboards where few of them are visited by user and some are not .. here we want to delete those dashboard which has been not seen by any user since long back. How to find last time-stamp of all dashboard when user has seen dashboard?

have tried below but its not giving the last visited timestamp..

index="_internal" user!="-" sourcetype=splunkd_ui_access | rex field=uri "en-US/app/(?<app>[^/]+)/(?<dashboard>[^?/\s]+)" | search dashboard!="search" dashboard!="home" dashboard!="alert" dashboard!="lookup_edit" dashboard!="@go" dashboard!="data_lab" dashboard!="dataset" dashboard!="datasets" dashboard!="alerts" dashboard!="dashboards" dashboard!="reports" dashboard!="report"| stats count by app dashboard user

Labels (1)
Labels
Tags (1)
0 Karma
Reply

shivanshu1593
Builder
‎09-03-2021 03:11 AM

Hello @Susha ,

This should give you the results that you're looking for. Just filter for the dashboard that you want to get the details:

index=_internal sourcetype=splunkd_ui_access 

    [| rest /servicesNS/-/-/data/ui/views 

    | rename eai:acl.app as app 

    | search NOT app=system 

    | strcat "GET*/app/" app "/" title dashboard 

    | table dashboard 

    | rename dashboard as search 

    | format] 

| rex field=other "\s(?<response_time_ms>\d+)ms" 

| rex field=uri_path "\/app\/(?<app>[^\/]+)\/(?<dashboard>\S+)" 

| table _time, host, user, app, dashboard, response_time_ms

You can also refer this answer:

https://community.splunk.com/t5/Dashboards-Visualizations/How-can-I-create-a-query-to-find-dashboard...

Thanks,

S

***If this helped, please accept it as a solution. It helps others to find the solution for similar issues quickly.***

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...