- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Splunk Rest Query to see the definitions of all da...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Team,
We had couple of dashboards who created by ex-employees and existing team is unable to access them.
Even we dont have access to admin privileges to access .
Is there any rest query to fetch dashbaord name and along with the query ( code ) so that we can save them as new name and use it for reference.
Thank you,
SriCharan
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you need eai:data field too :
| rest /servicesNS/-/-/data/ui/views
| rename eai:acl.app AS app
| rename eai:acl.perms.write as dashboard-write-permission
| rename eai:acl.perms.read as dashboard-read-permission
| rename eai:appName as appName
| rename eai:data AS data
| join type=outer appName
[| rest /servicesNS/-/-/apps/local
| rename title AS appName
| rename eai:acl.perms.read AS app-read-permission
| rename eai:acl.perms.write AS app-write-permission]
| table app label title dashboard-read-permission dashboard-read-permission app-write-permission app-read-permission data
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @splunkfriend123,
to have the list of all your dashboards you can use the search shared by @Roy_9.
To change the owner of these dashboard, it depends on the share level of them:
if they are private, you have to move them by CLI from the $SPLUNK_HOME/etc/users/<user_name>/apps/<your_app>/local folder into your username folder, or to copy them and use the code to create a new one.
If they are in an App, you have to modify $SPLUNK_HOME/etc/apps/<your_app>/metadata/meta.local the owner of your dashboards.
In both cases, you have to restart Splunk.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@splunkfriend123 try this
| rest /servicesNS/-/-/data/ui/views
| rename eai:acl.app AS app
| rename eai:acl.perms.write as dashboard-write-permission
| rename eai:acl.perms.read as dashboard-read-permission
| rename eai:appName as appName
| join type=outer appName
[| rest /servicesNS/-/-/apps/local
| rename title AS appName
| rename eai:acl.perms.read AS app-read-permission
| rename eai:acl.perms.write AS app-write-permission]
| table app label title dashboard-read-permission dashboard-read-permission app-write-permission app-read-permission
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Roy_9 :
Thanks a ton for your quick response.
The query you provided fetches dashboard name but not its definition.
Is there any way to modify this query to fetch the definition ( query used for creating dashboard ) ?
Many thanks in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you need eai:data field too :
| rest /servicesNS/-/-/data/ui/views
| rename eai:acl.app AS app
| rename eai:acl.perms.write as dashboard-write-permission
| rename eai:acl.perms.read as dashboard-read-permission
| rename eai:appName as appName
| rename eai:data AS data
| join type=outer appName
[| rest /servicesNS/-/-/apps/local
| rename title AS appName
| rename eai:acl.perms.read AS app-read-permission
| rename eai:acl.perms.write AS app-write-permission]
| table app label title dashboard-read-permission dashboard-read-permission app-write-permission app-read-permission data
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
