Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to find last time-stamp of all dashboard when user has seen dashboard

Susha
Engager
‎09-03-2021 01:07 AM

Hi All,

we have lots of dashboards where few of them are visited by user and some are not .. here we want to delete those dashboard which has been not seen by any user since long back. How to find last time-stamp of all dashboard when user has seen dashboard?

have tried below but its not giving the last visited timestamp..

index="_internal" user!="-" sourcetype=splunkd_ui_access | rex field=uri "en-US/app/(?<app>[^/]+)/(?<dashboard>[^?/\s]+)" | search dashboard!="search" dashboard!="home" dashboard!="alert" dashboard!="lookup_edit" dashboard!="@go" dashboard!="data_lab" dashboard!="dataset" dashboard!="datasets" dashboard!="alerts" dashboard!="dashboards" dashboard!="reports" dashboard!="report"| stats count by app dashboard user

Labels (1)
Labels
Tags (1)
0 Karma
Reply

shivanshu1593
Builder
‎09-03-2021 03:11 AM

Hello @Susha ,

This should give you the results that you're looking for. Just filter for the dashboard that you want to get the details:

index=_internal sourcetype=splunkd_ui_access 

    [| rest /servicesNS/-/-/data/ui/views 

    | rename eai:acl.app as app 

    | search NOT app=system 

    | strcat "GET*/app/" app "/" title dashboard 

    | table dashboard 

    | rename dashboard as search 

    | format] 

| rex field=other "\s(?<response_time_ms>\d+)ms" 

| rex field=uri_path "\/app\/(?<app>[^\/]+)\/(?<dashboard>\S+)" 

| table _time, host, user, app, dashboard, response_time_ms

You can also refer this answer:

https://community.splunk.com/t5/Dashboards-Visualizations/How-can-I-create-a-query-to-find-dashboard...

Thanks,

S

***If this helped, please accept it as a solution. It helps others to find the solution for similar issues quickly.***

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...