Solved: Share a search for multiple widgets in a Dashboard

arturoduran · ‎07-16-2014

Hi.

I want to create a Dashboard containing several widgets that mainly, are views of the same set of information regarding activity of users in a system. The widgets will show the information about activity but splitted by different fields, summarized by different criteria or just grouped in many ways.

Basically I want to reuse the same initial search and let every widget add specific constraints to the search or add stats, chart or formatting commands.

Is that possible?

*I'm using Splunk 6.1

martin_mueller · ‎07-16-2014

You're looking for the <searchPostProcess> tag. Grab the Splunk 6 Dashboard Examples app from http://apps.splunk.com/app/1603/ and open the example view Post Process Search to get started.

View solution in original post

martin_mueller · ‎07-16-2014

You're looking for the <searchPostProcess> tag. Grab the Splunk 6 Dashboard Examples app from http://apps.splunk.com/app/1603/ and open the example view Post Process Search to get started.

martin_mueller · ‎07-17-2014

I don't think so, considering the <searchTemplate> is meant to be used for $foo$ token substitution.

However, you can make search acceleration work without a maintenance nightmare by using macros. Place the search in a macro, and use that in both a saved accelerated search and the dashboard(s).

arturoduran · ‎07-17-2014

Thank you, that was what I was looking for!

Another quick question, Is it possible to set a saved search as the template search for a dashboard? As saved searches could be accelerated, it could increase overall performance if the dashboard if its base search is already tuned. Is there a way to make this possible?

Thanks for your help

Arturo

Share a search for multiple widgets in a Dashboard

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)