Solved: How to search for dashboards and reports created b...

vinodsinha · ‎02-16-2016

Hi Team,

I was looking for reports, searches, saved searches, and Dashboards created by specific users/owners.
Some of the users/owners left the company, but reports and dashboards still exist in Splunk. So, I need to find those dashboard and reports.

Thanks,

ngatchasandra · ‎02-17-2016

Hi vinodsinha,

Try to follow the link:

https://answers.splunk.com/answers/168898/how-can-we-find-all-the-searches-alerts-dashboard.html

this could help you!

View solution in original post

chimell · ‎02-17-2016

Hi
Try this in splunk web
Go to
1-Settings-->All Configuration
2-In the All configuration page , select All in App context dropdown and your user name in Owner dropwdown then you will see the list of reports and dashboards that user has created

ngatchasandra · ‎02-17-2016

Hi vinodsinha,

Try to follow the link:

https://answers.splunk.com/answers/168898/how-can-we-find-all-the-searches-alerts-dashboard.html

this could help you!

somesoni2 · ‎02-16-2016

Try something like this

| rest /servicesNS/PutUserNameHere/-/data/ui/views | table author title eai:acl.app | eval Type="Dashboard" | append [| rest /serviceNS/PutUserNameHere/-/saved/searches | table author title eai:acl.app | eval Type="SavedSearch/Report"] | rename author as Owner title as Name eai:.acl.app as AppName

svarathan_splun · ‎07-28-2016

Thanks for the Query, worked great - I just found two typos:

| rest /servicesNS/-/-/data/ui/views | table author title eai:acl.app | eval Type="Dashboards" | append [| rest /servicesNS/-/-/saved/searches | table author title eai:acl.app | eval Type="SavedSearch/Report"] | rename author as Owner title as Name eai:acl.app as AppName

vinodsinha · ‎02-16-2016

Executed above query and getting below error:-
Failed to fetch REST endpoint uri=https://127.0.0.1:8089/servicesNS/kavithasr/-/data/ui/views?count=0 from server=https://127.0.0.1:8089

somesoni2 · ‎02-16-2016

Are you trying to run the command of Splunk Cloud trial OR does your user role has permission to run REST command?? (I guess you need admin_all_objects capability)

vinodsinha · ‎02-16-2016

my account has splunk admin privilege and we are using Splunk Cloud Licences version.

other REST command is working fine for me

vinodsinha · ‎02-16-2016

while executed above query getting error

22 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors.

Failed to fetch REST endpoint uri=https://127.0.0.1:8089/servicesNS/PutUserNameHere/-/data/ui/views?count=0 from server=https://127.0.0.1:8089
The limit has been reached for log messages in info.csv. 27 messages have not been written to info.csv. Please refer to search.log for these messages or limits.conf to configure this limit.

somesoni2 · ‎02-16-2016

Seems like permission issue only. Check with your Splunk admin if you've permissions to run REST command and if not (surely) then request to get that.

How to search for dashboards and reports created by a specific user/owner?

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024