Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Export Logs from Zabbix to Splunk Dashboard via API on Button Click

rohithvr19
Loves-to-Learn Everything
‎01-11-2025 02:13 AM

Is it possible to create a button in a Splunk dashboard that, when clicked, runs a script to export logs from Zabbix and display them on the dashboard? The dashboard should only be visible after the button is clicked. Has anyone implemented something like this before? Please help, as I’m really stuck on this!

0 Karma
Reply

rohithvr19
Loves-to-Learn Everything
‎01-11-2025 06:58 AM

Thank you, @gcusello and @PickleRick, for your responses.

I have tried using the Zabbix add-on for Splunk, but unfortunately, it is not working for my use case. My requirement is to display real-time audit logs from Zabbix in a Splunk dashboard, but only upon user request, such as via a button click or similar functionality.

Could you suggest a standard and efficient approach to accomplish this task?

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-11-2025 11:33 AM

Honestly, it looks as if you were trying to have a Zabbix console just done with other tools. It doesn't make much sense.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-11-2025 07:50 AM

Hi @rohithvr19 ,

real time monitoring isn't possible, you can have a near real time monitoring sheduling a very frequent update of the data (e.g. every 5 or 10 minutes), otherwise, you need a different solution.

As I said, the performace of a query pressing a button are very very low!

and the only solution is a frequent update (e.g. every 5 minutes).

Ciao.

Giuseppe

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-11-2025 04:21 AM

Strictly theoretically speaking it would probably be possible to do what you want using classic dashboard, a lot of custom JS and possibly a custom search commands. The thing is, it's so unusual and custom there's a fat chance noone ever tried something like that and you'd have to write everything from scratch yourself.

But as @gcusello already pointed out - it's completely opposite to the normal Splunk data workflow. What's your use case?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-11-2025 02:20 AM

Hi @rohithvr19 ,

this is the opposite of the normal way to run of Splunk:

Splunk isn't a client of external platforms to use when needed.

The usual way to run is:

  • schedule the ingestions of logs from the external source (e.g. Zabbix and save the extraction in an index,
  • run a search n a dashboard and display logs.

It's the same approach to use DB-Connect: you can run SQL queries but the correct approach is schedule queries and run on indexed results.

Why this? because your approach is very very slow and results aren't saved in any archive, so you have ro run the API script every time and it consumes a large amount of resources.

Use the Splunk Add-On for Zabbix ( https://splunkbase.splunk.com/app/5272 ) to extract logs and then create your own dashboards.

Ciao.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...