Splunk Search

Alert Triggered Action: Dashboard Studio Snapshot

josemanm12
Engager

I understand that it is currently possible to schedule the export of a Dashboard Studio dashboard in PDF or PNG format through the View → Actions → Scheduled Export option.
However, this functionality does not include a trigger-based activation option, so the export can only be scheduled at fixed intervals and not triggered by a specific alert condition.

At the moment, I have an alert configured to send an email when the trigger condition is met. However, I would like that email to include a PDF attachment with a snapshot of the Dashboard Studio dashboard.

I have also noticed a new Alert Action called Dashboard Studio Snapshot. However, I have tried searching for information about how it works, but I haven’t found any documentation or available examples.


Thanks in advance,

Jose 


livehybrid
SplunkTrust

Hi @josemanm12 

I also wasn't able to find a scrap of documentation about this feature, however I think I've worked it out based on the script (etc/apps/splunk-dashboard-studio/bin/studio_snapshot.py) that the action runs.

The action triggers a dashboard snapshot for the same ID as the name of the saved search, within the same app with the same owner. 
For example - if you have a Published Dashboard called 'Test Dashboard' (whose id/slug is 'test_dashboard'), then you will need to create an alert called 'test_dashboard' with the 'Dashboard Studio Snapshot' action.

When the alert triggers and there are >0 events, it will call the action, which will trigger a new snapshot of the published dashboard.


josemanm12
Engager

Thanks a lot for the detailed explanation — it was really helpful! 
I reviewed the logs and everything seems to be working correctly now.

Appreciate you sharing the insights about how the studio_snapshot action works.

10-27-2025 08:00:00.716 -0600 INFO sendmodalert [2331900 AlertNotifierWorker-1] - Invoking modular alert action=studio_snapshot for search="_ScheduledView___SnapshotView__prueba_monitoreo_desviacion_trafico" sid="scheduler__splunk__search__RMD56cec69122e67ad7e_at_1761573600_60493" in app="search" owner="splunk" type="saved"

10-27-2025 07:35:02.593 -0600 INFO sendmodalert [2262246 AlertNotifierWorker-0] - action=studio_snapshot - Alert action script completed in duration=2020 ms with exit code=0

One thing I’m not sure about — where is the PDF file actually being saved when the studio_snapshot action runs? I couldn’t find it anywhere in the filesystem.

Regards,

Jose
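
An added example, not part of the original thread and not Splunk's own code: a small parser for `sendmodalert` lines like the two posted above, to confirm that `studio_snapshot` was invoked and to flag runs whose script exited non-zero. The field layout is assumed from those two lines; the third sample line is constructed.

```python
import re

# Lines 1-2 are the ones posted in the thread; line 3 is constructed to show a failing run.
SAMPLE_LOG = '''\
10-27-2025 08:00:00.716 -0600 INFO sendmodalert [2331900 AlertNotifierWorker-1] - Invoking modular alert action=studio_snapshot for search="_ScheduledView___SnapshotView__prueba_monitoreo_desviacion_trafico" sid="scheduler__splunk__search__RMD56cec69122e67ad7e_at_1761573600_60493" in app="search" owner="splunk" type="saved"
10-27-2025 07:35:02.593 -0600 INFO sendmodalert [2262246 AlertNotifierWorker-0] - action=studio_snapshot - Alert action script completed in duration=2020 ms with exit code=0
10-27-2025 09:00:03.101 -0600 INFO sendmodalert [2340001 AlertNotifierWorker-0] - action=studio_snapshot - Alert action script completed in duration=512 ms with exit code=1
'''

# Timestamp, level, component, [pid worker], then the free-text message.
HEADER = re.compile(
    r'^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4}) '
    r'(?P<level>\w+) sendmodalert \[(?P<pid>\d+) (?P<worker>[^\]]+)\] - (?P<msg>.*)$')

# key=value pairs; a value is double-quoted or a bare token.
# "exit code" has a space in the key, so it is matched explicitly first.
PAIR = re.compile(r'(exit code|\w+)=(?:"([^"]*)"|(\S+))')


def parse(log_text):
    """Return one dict per sendmodalert line, with its key=value fields."""
    events = []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not a sendmodalert line in the assumed layout
        msg = m['msg']
        fields = {k.replace(' ', '_'): q or b for k, q, b in PAIR.findall(msg)}
        if msg.startswith('Invoking modular alert'):
            kind = 'invoke'
        elif 'exit_code' in fields:
            kind = 'complete'
        else:
            kind = 'other'
        events.append({'ts': m['ts'], 'level': m['level'],
                       'worker': m['worker'], 'kind': kind, **fields})
    return events


def failed_runs(events, action='studio_snapshot'):
    """Completion events for `action` whose script exit code was not 0."""
    return [e for e in events
            if e['kind'] == 'complete' and e.get('action') == action
            and int(e['exit_code']) != 0]


if __name__ == '__main__':
    for event in parse(SAMPLE_LOG):
        print(event['ts'], event['kind'], event.get('search', ''), event.get('exit_code', ''))
    print('failed runs:', len(failed_runs(parse(SAMPLE_LOG))))
```

Completion lines carry no `sid`, so this reports invocations and completions separately rather than pairing them.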
