Splunk Search

Export Logs from Zabbix to Splunk Dashboard via API on Button Click

rohithvr19
Engager

Is it possible to create a button in a Splunk dashboard that, when clicked, runs a script to export logs from Zabbix and display them on the dashboard? The dashboard should only be visible after the button is clicked. Has anyone implemented something like this before? Please help, as I’m really stuck on this!

0 Karma

rohithvr19
Engager

Thank you, @gcusello and @PickleRick, for your responses.

I have tried using the Zabbix add-on for Splunk, but unfortunately, it is not working for my use case. My requirement is to display real-time audit logs from Zabbix in a Splunk dashboard, but only upon user request, such as via a button click or similar functionality.

Could you suggest a standard and efficient approach to accomplish this task?

0 Karma

PickleRick
SplunkTrust

Honestly, it looks as if you were trying to have a Zabbix console just done with other tools. It doesn't make much sense.

0 Karma

gcusello
SplunkTrust

Hi @rohithvr19 ,

Real-time monitoring isn't possible; you can have near real-time monitoring by scheduling a very frequent update of the data (e.g. every 5 or 10 minutes). Otherwise, you need a different solution.

As I said, the performance of a query run by pressing a button is very, very low!

And the only solution is a frequent update (e.g. every 5 minutes).

Ciao.

Giuseppe

0 Karma

PickleRick
SplunkTrust

Strictly theoretically speaking, it would probably be possible to do what you want using a classic dashboard, a lot of custom JS and possibly a custom search command. The thing is, it's so unusual and custom that there's a fat chance no one ever tried something like that, and you'd have to write everything from scratch yourself.

But as @gcusello already pointed out - it's completely opposite to the normal Splunk data workflow. What's your use case?

0 Karma

gcusello
SplunkTrust

Hi @rohithvr19 ,

this is the opposite of the normal way Splunk runs:

Splunk isn't a client of external platforms to use when needed.

The usual way to run is:

  • schedule the ingestion of logs from the external source (e.g. Zabbix) and save the extraction in an index,
  • run a search in a dashboard and display the logs.

It's the same approach as with DB Connect: you can run SQL queries, but the correct approach is to schedule the queries and run searches on the indexed results.

Why? Because your approach is very, very slow and the results aren't saved in any archive, so you have to run the API script every time, and it consumes a large amount of resources.

Use the Splunk Add-On for Zabbix ( https://splunkbase.splunk.com/app/5272 ) to extract logs and then create your own dashboards.

Ciao.

Giuseppe

0 Karma
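As an added example (not code from this thread or from the Splunk Add-On for Zabbix), this is the scheduled-ingestion shape Giuseppe describes, written as a Splunk scripted input in Python: each run polls the Zabbix audit log through the JSON-RPC API from a saved checkpoint and prints only the new entries for Splunk to index, so the dashboard then searches the index instead of calling Zabbix on a click. The Zabbix method and field names (auditlog.get, time_from, auditid, clock), the URL, the checkpoint path and the ZABBIX_TOKEN variable are assumptions.

```python
import json, os, sys, urllib.request

# Assumed placeholders: URL/checkpoint path from the input's environment, API token from
# Splunk's credential store via ZABBIX_TOKEN; nothing secret lives in this file.
ZABBIX_URL = os.environ.get("ZABBIX_URL", "https://zabbix.example.invalid/api_jsonrpc.php")
CKPT_PATH = os.environ.get("ZABBIX_CKPT", "/tmp/zabbix_audit.ckpt")

def build_request(since_clock, limit=500):
    # Assumed Zabbix JSON-RPC method/params: auditlog.get, time_from in unix seconds (inclusive).
    return {"jsonrpc": "2.0", "id": 1, "method": "auditlog.get",
            "params": {"output": "extend", "time_from": since_clock,
                       "sortfield": "clock", "sortorder": "ASC", "limit": limit}}

def post_jsonrpc(payload, token):
    # The token goes in an Authorization header, not in argv or the request body.
    req = urllib.request.Request(ZABBIX_URL, data=json.dumps(payload).encode(), headers={
        "Content-Type": "application/json-rpc", "Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def new_events(reply, ckpt):
    """Return (JSON lines not yet ingested, advanced checkpoint). Keeping the ids seen at the
    newest clock lets the inclusive time_from neither duplicate nor drop same-second entries."""
    if "error" in reply:
        raise RuntimeError("Zabbix API error: %s" % reply["error"])
    last, seen = int(ckpt.get("clock", 0)), set(ckpt.get("ids", []))
    clock, ids, lines = last, set(seen), []
    for row in reply.get("result", []):
        c, aid = int(row["clock"]), str(row["auditid"])
        if c == last and aid in seen:
            continue                   # already indexed by a previous run
        if c > clock:
            clock, ids = c, set()      # newer second: start a fresh id set
        ids.add(aid)
        lines.append(json.dumps(row, sort_keys=True))
    return lines, {"clock": clock, "ids": sorted(ids)}

def run(token, fetch=post_jsonrpc):
    try:
        with open(CKPT_PATH) as f:
            ckpt = json.load(f)
    except (OSError, ValueError):
        ckpt = {"clock": 0, "ids": []}    # first run: start from the beginning of the audit log
    lines, ckpt = new_events(fetch(build_request(ckpt["clock"]), token), ckpt)
    sys.stdout.write("".join(l + "\n" for l in lines))   # one JSON event per line for Splunk
    with open(CKPT_PATH, "w") as f:
        json.dump(ckpt, f)
    return len(lines)

if __name__ == "__main__":
    run(os.environ["ZABBIX_TOKEN"])
```

Schedule it from inputs.conf every few minutes with a JSON sourcetype whose timestamp comes from the clock field; a backlog larger than limit drains across runs because rows arrive sorted by clock and the checkpoint only advances through what was emitted.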