Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to export the Data Summary information on the Search Page to a dashboard?

mikesangray
Path Finder
‎07-10-2015 10:33 AM

I was looking at the Data Summary information on the Search page and noticed that there doesn't seem to be a way to export this data or view it in a better format. Is there a way to send this data to a dashboard?

It seems like the data is available in SoS, but the view is already created in 'Data Summary' and I assume (please clarify/correct) that it is viewable by anyone who can see the search page? Which then begs the question - can everyone see this data and drill into it? If so, can permissions be controlled? I don't need/want everyone/anyone to be able to see all of this information.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

emiller42
Motivator
‎07-10-2015 10:44 AM

Looks like the data summary is coming from metadata searches. Example: 

| metadata type=sourcetypes

You can build your own searches based on the data that command provides. What people can see is based on their role permissions. They won't see data for indexes they don't have access to.

View solution in original post

Reply
Solved! Jump to solution
Solution

emiller42
Motivator
‎07-10-2015 10:44 AM

Looks like the data summary is coming from metadata searches. Example: 

| metadata type=sourcetypes

You can build your own searches based on the data that command provides. What people can see is based on their role permissions. They won't see data for indexes they don't have access to.

Reply
Solved! Jump to solution

mikesangray
Path Finder
‎07-10-2015 12:36 PM

Thanks, this helps.

The | metadata type= gets me what I need (hosts, sources, sourcetypes).

Reply
Solved! Jump to solution

aljohnson_splun
Splunk Employee
Splunk Employee
‎07-10-2015 11:18 AM

The data summary represents the data that is available to the user in question and searchable by default. They may have access to other indexes (and if they aren't searchable by default, the counts for source/sourcetype/host, won't show up there).

For example, as admin, you likely have access to _internal and _audit but you won't see their sourcetypes etc. in the data summary unless those indexes are searched by default.

Please see this documentation on how to use access control to secure data in Splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...