Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search alias for a dashboard

SplnkUse
Path Finder
‎10-24-2021 02:38 AM

Hello!

 

A dashboard runs a search and I want to create an alert for this. So I replicated the search code to the alert. However, now, if there is a change in the dashboard, my alert will not be updated.

 

Is there a way to create an alert with a search like: "search dashboard1" or something so that whatever changes happen to the dashboard, they will be fed into my alert?

Thanks!

0 Karma
Reply

shivanshu1593
Builder
‎10-24-2021 04:38 AM

You can set a token to capture the job id of your dashboard panel, then make an alert, use the SPL | loadjob <token_name> and save it as a search and put on your dashboard panel. If you already have results in your alert and want the dashboard results to be shown it with, you can always use the append command.

Next time when there's a change in your dashboard, it would get reflected on your search/alert as well.

Hope this helps.

Thank you,

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma
Reply

SplnkUse
Path Finder
‎10-24-2021 07:30 AM

Thanks, could you briefly explain the steps please? What I was doing so far was to visit the dashboard, go to Jobs, check the search code there and create an alert with it. Where do I see the token (or create one) and how do I create a search with it? 

Thanks!

Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎10-24-2021 03:55 AM

Can you use a saved search which both the dashboard and alert are based on?

0 Karma
Reply

SplnkUse
Path Finder
‎10-25-2021 12:28 PM

Yes, a saved search would be ideal but what would be its syntax so that it automatically mirrors the search that is triggered when I visit a particular dashboard and reflects any changes in the dashboard underlying code?

 

Would a SID or token or any other way be ideal? I also see there is a 'Dashboard ID' listed under Apps/Dashboards would that be the right alias? Can you provide the steps please to do that? I.e.:

1) Get the SID/token or alias or anything like that by .....

2) Create a search with the above info by ....

3) Create alert with the above search (I know how to do that)

 

Thanks!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...