Skip to content

Commit 0385bce

Browse files
devinslickdevinslick
committed
Fix Dashboard Views collector: use splunkd_ui_access instead of splunkd_access
1 parent 9fba247 commit 0385bce

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

default/savedsearches.conf

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,11 +8,11 @@
88
action.email.useNSSubject = 1
99
alert.track = 0
1010
cron_schedule = */5 * * * *
11-
description = Collects dashboard view metrics from splunkd_access logs
11+
description = Collects dashboard view metrics from splunkd_ui_access logs
1212
dispatch.earliest_time = -5m
1313
dispatch.latest_time = now
1414
enableSched = 0
15-
search = index=_internal sourcetype=splunkd_access method=GET uri_path="/*/app/*" status=200 | rex field=uri_path "/[^/]+/app/(?<app>[^/]+)/(?<dashboard_name>[^/?]+)" | where isnotnull(dashboard_name) | eval dashboard_uri="/app/".app."/".dashboard_name | lookup dashboard_registry dashboard_uri OUTPUT pretty_name app as reg_app owner | where isnotnull(pretty_name) | stats count by dashboard_uri, pretty_name, app, user | eval activity_type="view", metric_name="dashboard.views" | mcollect index=caca_metrics split=t pretty_name app user activity_type
15+
search = index=_internal sourcetype=splunkd_ui_access uri_path="/*/app/*" | rex field=uri_path "/[^/]+/app/(?<app>[^/]+)/(?<dashboard_name>[^/?]+)" | where isnotnull(dashboard_name) | eval dashboard_uri="/app/".app."/".dashboard_name | lookup dashboard_registry dashboard_uri OUTPUT pretty_name app as reg_app owner | where isnotnull(pretty_name) | stats count by dashboard_uri, pretty_name, app, user | eval activity_type="view", metric_name="dashboard.views" | mcollect index=caca_metrics split=t pretty_name app user activity_type
1616
schedule_priority = default
1717
schedule_window = 5
1818
dispatchAs = owner
@@ -25,7 +25,7 @@ description = Collects dashboard edit/creation metrics from audit logs
2525
dispatch.earliest_time = -10m
2626
dispatch.latest_time = now
2727
enableSched = 0
28-
search = index=_audit action=edit_view OR action=create_view object_type=view | rex field=object "(?<app>[^:]+):(?<dashboard_name>.+)" | eval dashboard_uri="/app/".app."/".dashboard_name | lookup dashboard_registry dashboard_uri OUTPUT pretty_name app as reg_app owner | where isnotnull(pretty_name) | stats count by dashboard_uri, pretty_name, app, user, action | eval activity_type=if(action="create_view", "create", "edit"), metric_name="dashboard.edits" | mcollect index=caca_metrics split=t pretty_name app user activity_type
28+
search = index=_audit (action=rest_apps_view_post OR action=rest_apps_view_put) object_type=view OR object="*:*" | rex field=object "(?<app>[^:]+):(?<dashboard_name>.+)" | eval dashboard_uri="/app/".app."/".dashboard_name | lookup dashboard_registry dashboard_uri OUTPUT pretty_name app as reg_app owner | where isnotnull(pretty_name) | stats count by dashboard_uri, pretty_name, app, user, action | eval activity_type=if(action="rest_apps_view_post", "create", "edit"), metric_name="dashboard.edits" | mcollect index=caca_metrics split=t pretty_name app user activity_type
2929
schedule_priority = default
3030
schedule_window = 5
3131
dispatchAs = owner

0 commit comments

Comments
 (0)