You'd think there'd be a dashboard for this similar to the one for Orphaned KOs, but there isn't.
The solution is to create your own, first by building a list of all dashboards or alerts using a rest command.
| rest /servicesNS/-/-/data/ui/views splunk_server=local ```List all dashboards```
| rest /servicesNS/-/-/saved/searches splunk_server=local | search alert_type!="always" ``` List all alerts ```
Then crawl the access logs (index=_internal source=*access.log) sufficiently far back (up to 30 days) to find which dashboards or alerts where accessed. Then use a subsearch to find the difference between that and the list of all dashboards/alerts.
| rest splunk_server=local /servicesNS/-/-/data/ui/views | search NOT [index=_internal source=*access.log <<SPL to find the dashboard name>> | dedup <<dashboard name>> ]
Thanks for your response @richgalloway . Let me try this out and check 🙂