Splunk Search

Can a report cloned as inline search (no external dependencies) in dashboard refresh from data source? Is it a static clone or can it be updated constantly?

valerie_tan
Path Finder

Also, how do I allow changes in the original pivot to be updated directly in the inline search?


tiagofbmm
Influencer

What do you mean "cloned as inline search 1"?

0 Karma

valerie_tan
Path Finder

Sorry, I meant an inline search report.
Instead of the usual origin report, what if I clone it as the inline search without external dependencies? i.e. I can create my own search string for the report within the dashboard

0 Karma

tiagofbmm
Influencer

Ok let me see if I understood. You can definitely create your own search string for any panel/table/whatever object in a dashboard.

More, you can clone a report either by copying your search string from one report to another (let's say to feed another panel in a dashboard), or you could just clone the report directly and then reference it in the dashboard.

In any case it will still be refreshed the same way.

More, you have control over the rate in seconds of refresh of a dashboard in the line of the simpleXML of the dashboard.

Let me know if I clarified what you need

valerie_tan
Path Finder

Thanks a lot for your help.

Perhaps I need to rephrase my question again.

These were the steps I took.
1. Create Pivots from Data model
2. Saved and added them to Dashboard as Panel Powered By: "Inline Search"

When I tried making changes to a pivot, the changes were not reflected inside the dashboard automatically.
Only if I chose to add them as a Panel Powered By: Report, the changes can be seen.

So, here are some questions I have that I could not find a clear answer or explanation for (despite hours of googling)

  1. When the report is "refreshed", does it only refresh the data source, or the pivot table layout, or both?
  2. Does an "Inline Search" refresh from data source automatically, or I have to set it via simpleXML or some complicated coding?
  3. Do all Pivot tables get updated and refreshed constantly with their data source? Or do I have to set it manually 1 by 1? Say I created 10 different pivots from the same data model.

Thank you so much once again!!! 🙂
Valerie

0 Karma

tiagofbmm
Influencer

Oh ok so now I understood your point. What is happening with you is the intended behaviour:

  • If you use the Panel Powered by "Inline Search", then any changes to the report won't be propagated to the Dashboard, because it knows nothing about that report (it is based on an inline search)

  • If you want to make a panel to have your changes refreshed, it needs to know where to look for those, and then using the "Report" option is the best choice.

To your questions:

1 - If you "refresh" (change a report), then every place where it is defined (meaning all dashboards that reference it) will have the fresh new updates you made to it.

2 - Your inline search won't be refreshed automatically in any way because it is hard coded and it is up to you to change it to be what you want. There is no need to go to the simpleXML, just do this in a dashboard:

Edit -> Go to the panel you want to change the search -> Edit Search -> Edit it and Save it.

3- Here your question is different. If you have 10 reports or pivots relying on the same Data Model, and you change the Data Model which is their base, then all of your reports will automatically update themselves. What a change in the Data Model does is actually change the underlying search code beneath your Pivots.

So you have 3 layers here from bottom to top: the Data Model that feeds Pivots, Pivots that can be saved as Reports, and finally Reports that can feed Dashboard Panels (or other dashboard objects). Changing a DataModel affects all the Pivots (and the Reports based on the Pivots). If a Dashboard panel is fed by a Report, then yes that will be changed too.

Inline searches have nothing to do with this layering then.

Hope it clarifies you. Let me know

valerie_tan
Path Finder

AMAZING!!! Thank you so much you saved my life !!! 😄 Your explanation is exactly what I needed.
So, just one more question. Since Inline Search is hard-coded, and Report is not, does that mean I cannot use filters on the Report? I could not find a way to edit the search string for the Report such that I can attach filter tokens to them (which is what I usually do for Inline Search).

0 Karma

tiagofbmm
Influencer

Yes you are correct. While using a report in a dashboard panel you really can't change anything, otherwise it would stop being a report and start being a "hard-coded" inline search. You'd have to change things in the source Report.

0 Karma

valerie_tan
Path Finder

So if I want to use inline search with filters, how can I manually refresh the data of inline search from data source? Does it have something to do with the auto-refresh interval?

0 Karma

valerie_tan
Path Finder

Thanks, I think I get your point.
However, what if I am using the same source the whole time? And I just want the inline search to be refreshed automatically from the latest data in the same source?

0 Karma

tiagofbmm
Influencer

In that case, you have two options:

1 - Make your inline search dependent on your Time Picker (by going to Edit Search in the panel). Let's say your time range is Last 60 Minutes. After that, anytime you F5 your page, it will be refreshed automatically.

2- You can also force a refresh period in the dashboard itself and you don't need to worry about F5, putting this on your first line of the dashboard simpleXML

<form refresh="30">
0 Karma

valerie_tan
Path Finder

Oh, so what you are saying is that if the dashboard is refreshed, even the inline search will be able to obtain the latest data from the same source?

0 Karma

tiagofbmm
Influencer

Yes correct. The search will be re-run to the Last 60 minutes in the example I gave you. Every time it is refreshed, you'll get the updated results

0 Karma

valerie_tan
Path Finder

Oh okay. Also, I just noticed there is a small little refresh button that appears together with the "Open in pivot" whenever I mouse over the inline search panel. For that refresh button, does it refresh from the pivot OR from the data source?

0 Karma

tiagofbmm
Influencer

Remember the Pivot is ultimately relying on a search string, so when you refresh anything there, even with that button, what you are telling Splunk is "Re-run the search and get me the results for the time period I'm looking for".

valerie_tan
Path Finder

Wow, thank you. Now I think all my confusions have been cleared up. Thank you so much for your time and effort to explain(:

0 Karma

tiagofbmm
Influencer

Imagine you have an inline search like this: index=A source=B

If you want the source to be refreshed with some value coming from somewhere else, you need to use the following:

index=A source="$source_token$".

That "$source_token$" must come from somewhere in the dashboard panel, such as from an Input (Dropdown, Text, Multiselect, etc). When you create an Input Panel and assign a token name to it, make sure it matches the one you are using in the inline search

0 Karma
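The pieces discussed in this thread, put together as an added Simple XML example (not code posted by either participant): a form that re-runs every 30 seconds, an inline-search panel driven by a dropdown token and a time picker, and a second panel that references a saved report. The report name "My Pivot Report", the choices B1/B2, and the token name time_tok are assumptions; the `|s` token filter quotes the token value so that input text cannot alter the search string.

```xml
<!-- Added example; report name, choice values and time_tok are assumed names -->
<form refresh="30">
  <label>Inline search vs. report-backed panel</label>
  <fieldset submitButton="false">
    <!-- Input whose token name must match the one used in the inline search -->
    <input type="dropdown" token="source_token">
      <label>Source</label>
      <choice value="B1">B1</choice>
      <choice value="B2">B2</choice>
      <default>B1</default>
    </input>
    <!-- Time picker; every refresh re-runs the search over this range -->
    <input type="time" token="time_tok">
      <label>Time range</label>
      <default>
        <earliest>-60m@m</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Inline search (hard-coded in this dashboard)</title>
      <table>
        <search>
          <!-- $source_token|s$ wraps the value in quotes, so no manual
               quoting is needed and the value stays a single term -->
          <query>index=A source=$source_token|s$</query>
          <earliest>$time_tok.earliest$</earliest>
          <latest>$time_tok.latest$</latest>
        </search>
      </table>
    </panel>
    <panel>
      <title>Report (follows changes made to the saved report)</title>
      <table>
        <!-- Only a reference: the search string lives in the report,
             so it cannot take dashboard filter tokens here -->
        <search ref="My Pivot Report"></search>
      </table>
    </panel>
  </row>
</form>
```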

valerie_tan
Path Finder

Hi tiagofbmm,
Thanks for your help.
Sorry if my question was confusing.

So let me just briefly summarize what I tried to do.
Firstly I made a pivot table from a data model.
Afterwards I saved it --> Add to Dashboard --> and I chose Panel Powered By: Inline Search (instead of Report).

So when I made changes to the pivot table's formatting, this pivot added as an inline search (which they define it as a clone of the report search string and time range) inside the dashboard was not updated / refreshed automatically.

So here are some questions:
1. Is this inline search refreshable from the data source directly? Or are the results static (shows the old data only at the time of cloning and not the latest data from the server or latest changes made to the file)?
2. Does the refresh option have to be set manually so that whatever changes are made to the pivot table will be updated in the panel in the dashboard? Is it turned off by default?
3. Are the refreshing options for the data source (whether it's a local file or database or monitored file) tied to all pivot tables created from the same data source? Or do I need to manually refresh every single pivot table so that they will be updated in the dashboard?

Thank you so much once again.

0 Karma