Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create dashboards so they update/refresh search results?

CREVITCH
Path Finder
‎01-19-2016 02:56 PM

I save dashboards from both search and report, and it appears that the dashboards run the search every time it is brought up, but does not refresh after that. I have read that it is supposed to display the cached search. What is the proper way to create dashboards so that they update properly. Is there a way to do this from Splunk Web or only in XML?

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎01-19-2016 03:30 PM

Save your searches as reports (saved searches) and use the saved search name in your dashboards. The results of a saved search are kept in the dispatch directory for twice as long as your search timeframe, i.e. if you search over the past 4 hours, search results will be cached for 8 hours (by default) before being reaped.
Not sure what you meant with your second question in your comment.

0 Karma
Reply

CREVITCH
Path Finder
‎01-19-2016 02:57 PM

also is there any way to just display the results of an alert on a dashboard? The schedule is already in the alert. It would be nice to just display the results rather than create a new search.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...