Splunk Search

How to search for dashboards and reports created by a specific user/owner?

vinodsinha
Explorer

Hi Team,

I was looking for reports, searches, saved searches, and Dashboards created by specific users/owners.
Some of the users/owners left the company, but reports and dashboards still exist in Splunk. So, I need to find those dashboard and reports.

Thanks,

1 Solution

chimell
Motivator

Hi
Try this in splunk web
Go to
1-Settings-->All Configuration
2-In the All configuration page , select All in App context dropdown and your user name in Owner dropwdown then you will see the list of reports and dashboards that user has created

0 Karma

ngatchasandra
Builder

somesoni2
Revered Legend

Try something like this

| rest /servicesNS/PutUserNameHere/-/data/ui/views | table author title eai:acl.app | eval Type="Dashboard" | append [| rest /serviceNS/PutUserNameHere/-/saved/searches | table author title eai:acl.app | eval Type="SavedSearch/Report"] | rename author as Owner title as Name eai:.acl.app as AppName 
0 Karma

svarathan_splun
Splunk Employee
Splunk Employee

Thanks for the Query, worked great - I just found two typos:

| rest /servicesNS/-/-/data/ui/views | table author title eai:acl.app | eval Type="Dashboards" | append [| rest /servicesNS/-/-/saved/searches | table author title eai:acl.app | eval Type="SavedSearch/Report"] | rename author as Owner title as Name eai:acl.app as AppName

0 Karma

vinodsinha
Explorer

Executed above query and getting below error:-
Failed to fetch REST endpoint uri=https://127.0.0.1:8089/servicesNS/kavithasr/-/data/ui/views?count=0 from server=https://127.0.0.1:8089

0 Karma

somesoni2
Revered Legend

Are you trying to run the command of Splunk Cloud trial OR does your user role has permission to run REST command?? (I guess you need admin_all_objects capability)

0 Karma

vinodsinha
Explorer

my account has splunk admin privilege and we are using Splunk Cloud Licences version.

other REST command is working fine for me

0 Karma

vinodsinha
Explorer

while executed above query getting error

22 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors.

Failed to fetch REST endpoint uri=https://127.0.0.1:8089/servicesNS/PutUserNameHere/-/data/ui/views?count=0 from server=https://127.0.0.1:8089
The limit has been reached for log messages in info.csv. 27 messages have not been written to info.csv. Please refer to search.log for these messages or limits.conf to configure this limit.
0 Karma

somesoni2
Revered Legend

Seems like permission issue only. Check with your Splunk admin if you've permissions to run REST command and if not (surely) then request to get that.

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...