Searching Your Searches

Searching Your Searches Dashboard

This is a straightforward dashboard with a straightforward problem to solve.

I had a customer who was about to undertake a massive overhaul of their Splunk lexicon. They had been using custom indexes and sourcetypes for years and were desperate to start over. They had one problem, though. They couldn’t just delete everything and start anew. They still had an active user base who would be very, very upset if their dashboards or saved searches were to suddenly stop working.

The customer’s request was simple: “I need a dashboard where I can search for sourcetypes and indexes in public dashboards, saved searches, and event types.” Here is that dashboard.

I’ll link directly to my GitHub profile below, where you can take the raw XML and use it in your environment today. The dashboard works exclusively through REST API calls, so it should be fairly plug-and-play. Simply search for a string, hit submit, and find out how many dashboards, saved searches, and event types contain that string. Click on the panel you want to drill down on and a hidden panel will appear showing you who wrote it, which app it belongs to, its permissions, and the raw search/dashboard XML itself.

Feel free to open an issue on my GitHub profile if you encounter any bugs.

https://github.com/splunkdorsey/searchingyoursearches
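To show the kind of REST-based lookup described above, here is an added example search; it is not taken from the linked dashboard XML. It pulls dashboards, saved searches, and event types from Splunk's REST endpoints and keeps the ones whose definition contains a string. The term legacy_placeholder_sourcetype is a made-up placeholder, and body and type are field names chosen for this example.

```spl
| rest /servicesNS/-/-/data/ui/views splunk_server=local count=0
| eval type="dashboard", body='eai:data'
| append
    [| rest /servicesNS/-/-/saved/searches splunk_server=local count=0
     | eval type="saved search", body='search']
| append
    [| rest /servicesNS/-/-/saved/eventtypes splunk_server=local count=0
     | eval type="event type", body='search']
| search body="*legacy_placeholder_sourcetype*"
| rename eai:acl.app AS app, eai:acl.owner AS owner, eai:acl.sharing AS sharing
| table type title app owner sharing body
| sort type app title
```

Replacing the last two lines with `| stats count by type` gives the per-type totals. The rest command only returns objects the running user is allowed to read, so run it with a role that can see every app you intend to migrate.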
