Splunk Dev

Splunk automation

sansmish
Engager

Hello everyone,

I want to automate Splunk.IF I make a dashboard manually and then I want to export it as an xml file.

After that if I make any changes in that xml file and commit the changes ,the changes should get reflected in Splunk dashboard.I don't know how to go about it .any suggestions and ideas are highly appreciated.

Thanks

Labels (1)
0 Karma
1 Solution

gjanders
SplunkTrust
SplunkTrust

In the version control for splunk app https://splunkbase.splunk.com/app/4355/
Or transfersplunkknowledgeobjects https://github.com/gjanders/Splunk

I have code that retrieves and posts back dashboards and other objects. Perhaps the transfer scripts might give you an idea...

View solution in original post

0 Karma

gjanders
SplunkTrust
SplunkTrust

In the version control for splunk app https://splunkbase.splunk.com/app/4355/
Or transfersplunkknowledgeobjects https://github.com/gjanders/Splunk

I have code that retrieves and posts back dashboards and other objects. Perhaps the transfer scripts might give you an idea...

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Getting hold of the SimpleXML is simple enough - you can use the ReST API to retrieve the dashboard definition (See Tom West's video on YouTube https://www.youtube.com/watch?v=B9PuOPfdxd0&t=2858s around the 45minute mark). Getting a modified version back into splunk might be a little bit more tricky.

richgalloway
SplunkTrust
SplunkTrust

I think that falls into the same category as converting an HTML dashboard back into Simple XML - it's a Hard Problem that no one has solved, yet.  Your solution would have to read seemingly random XML and somehow figure out some sequence of Simple XML statements that would produce similar output.  That sounds like PhD work to me.  Export a dashboard then compare the Simple XML to the XML and you'll see what I mean.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...