Splunk Search

How to save search query in a file in Splunk Dashboard

sambit_kabi
Path Finder

Hi ,

I have a requirement where I want to save the search query after the query has run to a file. Basically i want to have a file with Query name and the query so that users can save and load back their queries in the Dashboard.

Would like to know how can i save a query to a file using outputcsv in the Splunk Dashboard ? How do i get hold of that search query with resolved token values.

Also is there a clean way that Splunk provides to save the dashboard query to a file?

Thanks.

0 Karma

acfecondo75
Path Finder

You could create a scheduled report that runs once a day and configure it to output to a csv (using alert actions) and use a date token in the name of the csv so every day a new csv is generated. Then you would have the dashboard panels reference a lookup. you could have a dropdown selector that dynamically pulls a list of any csvs that have the naming convention used by the report by referencing the rest endpoint for lookups.

The searches that do the inputlookup would use a token in place of the token name so whichever day's lookup the user selected from the dropdown would dynamically populate the dashboard.

0 Karma
Get Updates on the Splunk Community!

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...