Does Splunk have a collaborative notebook capabili...

eugenek · ‎08-03-2016

We're looking for a capability similar to IPython or Apache Zeppelin, where queries can live together with documentation and users can collaboratively work on them. Is there anything like that out there for Splunk?

pmeyerson · ‎02-16-2018

EDIT: check the Splidgets apps on splunkbase too! https://splunkbase.splunk.com/app/3648/
https://splunkbase.splunk.com/app/3647/ May give some hints if it doesn't solve your problem.

Also saw this blogpost on using dashboards to update a kvstore: https://www.hurricanelabs.com/splunk-tutorials/building-a-crud-dashboard-utilizing-a-kv-store-in-spl...

Just saw this, someone wrote a way to connect to splunk using the SDK, from within a jupyter notebook. Maybe this is what you're looking for. https://github.com/dformoso/splunk-jupyter

eugenek · ‎02-22-2018

The splunk-jupyter project looks interesting. Will have to take a look.

pwmcintyre · ‎09-25-2016

This is a killer feature i hope they're working on in the background. Currently the SPL doesn't even support comments, let alone documentation. The closest thing would be shared saved searches, but after using notebooks, saved searches are miles behind.

esix_splunk · ‎02-17-2018

Do you mean this?

** http://docs.splunk.com/Documentation/Splunk/latest/Search/Addcommentstosearches **

Been around for a bit...

lycollicott · ‎02-22-2018

That link is broken, but no, I'm not trying to add comments to searches.

lycollicott · ‎08-03-2016

I created an application of documentation which has dashboards of HTML panels of the documentation and other dashboards which dynamically list some basic info about our indexes and sourcetypes. It is possible. (I don't have a scrubbed shell of it to share yet - but that is on my end less todo list!)

Masa · ‎08-04-2016

+1 as a good one 🙂

I thought eugenek is looking for a feature like you write dashboard code and show the dashboard, also add comment to explain it in one page. Dynamically you can change the code and change result of dashboards. I know IPython can do it.

I still like your custom feature 🙂

lycollicott · ‎08-05-2016

I've thought about trying to do something where you fill in a form that would populate a lookup or maybe even an index that would be read and tokenized back into the dashboard, but so little time. I'll probably be retired before I get around to that.

eugenek · ‎02-22-2018

I was looking for something where, rather than documenting a finished product, you could have a working document with embedded queries. Take a look this as an example (you can skip to 0:35)
http://go.databricks.com/videos/collaboration-in-databricks

Masa · ‎08-03-2016

Are looking for some documentation feature to show both comments and source code with dashboards view? Splunk Core does not ship such feature. But, maybe you can see possibilities in Splunk 6.x Dashboard Examples (https://splunkbase.splunk.com/app/1603/ ). Again, Splunk itself does not ship the feature you're looking for. As you might know, Splunk's Simple XML feature to avoid writing codes to develop dashboards by moving or adding component is main stream of Splunk core feature. For advanced dashboards using javascript, css and even backend custom rest calls, currently there is no IDE tool like IPython.

Does Splunk have a collaborative notebook capability?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?