As we saw in the previous chapter, dashboards are a great way to present many different pieces of information. Rather than having lots of disparate dashboards across your Splunk environment, it makes a lot of sense to group related dashboards into a common Splunk application, for example, putting operational intelligence dashboards into a common Operational Intelligence application.
In this recipe, you will learn how to move the dashboards and the associated reports you created in the last couple of chapters into our new Operational Intelligence application.
To step through this recipe, you will need a running Splunk Enterprise server, with the sample data loaded from Chapter 1, Play Time – Getting Data In. You should have also completed the recipes from the earlier chapters. You should be familiar with navigating the Splunk user interface.
Follow these steps to move your dashboards into the new application:
website_monitoring
dashboard row in the list of views and click on the Move link to the right of the row.cp0*
to view the searches (reports) created in Chapter 2, Diving into Data – Search and Report and Chapter 3, Dashboards and Visualizations – Make Data Shine. Click on the Move link of the first cp0*
search in the list.All the dashboards and reports are now moved to your new Operational Intelligence application.
In the previous recipe, we revealed how the Splunk apps are essentially just collections of directories and files. Dashboards are XML files found within the $SPLUNK_HOME/etc/apps
directory structure. When moving a dashboard from one app to another, Splunk essentially just moves the underlying file from a directory inside one app to a directory in the other app. In this recipe, you moved the dashboards from the Search & Reporting app to the Operational Intelligence app, as represented in the following screenshot:
As visualizations on the dashboards leverage the underlying saved searches (or reports), you also moved these reports to the new app so that the dashboards maintain permission to access them. Rather than moving the saved searches, we could have changed the permissions of each search to Global so that they could be seen from all the other apps in Splunk. However, the other reason we moved the reports was to keep everything contained within a single Operational Intelligence application, which we will continue to build out going forward.
It is best practice to avoid setting permissions to Global for reports and dashboards, as this makes them available to all the other applications when they most likely do not need to be. Additionally, setting global permissions can make things a little messy from a housekeeping perspective and crowd the lists of reports and views that belong to specific applications. The exception to this rule might be for knowledge objects such as tags, event types, macros, and lookups, which often have advantages in being available across all applications.
As you went through this recipe, you probably noticed that the dashboards had application-level permissions but the reports had private-level permissions. The reports are private as this is the default setting in Splunk when they are created. This private-level permission restricts access to your user account and admin users. In order to make the reports available to the other users of your application, you need to change the permissions of the reports to Shared in App, as we did when adjusting the permissions of reports.
Changing the sharing permission levels of your reports from the default Private to App is relatively straightforward:
3.138.105.124