Splunk Search

changing the existing dashboard reports to show real-time alert

Explorer

How can I show and update the real-time alert whenever I have created the dashboard previously?

Tags (1)
0 Karma

Splunk Employee
Splunk Employee

Dashboards are driven by searches. Searches are either historical or real-time. If a chart on your dashboard isn't "automatically refreshed" it's almost certainly because the search wasn't created with a real-time time range. You can go to Manager -> "Searches and reports" and find your search. Simply edit it and change the timeframe from something like "-24h@h to now" (historical time spec) to "rt-5m to rt" (real-time time spec)

0 Karma

Explorer

My problem is that after I have created the panels for my dashboard, my date and time were not indicated correctly as time goes by. I have to refresh manually by myself so that the results will be updated...

0 Karma

Explorer

What I want to know is that how to modify the changes of the real-time information e.g(refreshed:today at 12:04:09 )on the dashboard so that it will automatically refreshed and update the latest results every second. This real-time information is located at the top -right hand corner of a panel.

0 Karma

Motivator

can you give more details and/or examples of what you want to do as this is not clear?

0 Karma