Discovery Manager
The Discovery Manager dashboard is used to add new discovery jobs. By default, the dashboard shows open discovery jobs from utstream_discovery_jobs in the top row. The next row, Guided Entries, allows the user to replay data based on data already present in Splunk. For this, the dashboard uses the Splunk REST API to get the indexes the current user has access to. Based on the selected indexes, the dropdowns are populated with the sourcetypes and hosts available in those indexes.
To discover files for which no data exists in the Splunk environment, set the selector Show Manual Entries to "Yes". When "Yes" is selected, an additional row with textareas for indexes, sourcetypes, and hosts appears. Each textarea accepts a comma-separated list of entries. To search all indexes, sourcetypes, or hosts, use *.
After clicking the "Save entry" button, the provided data is shown again to the user for verification, saved to utstream_discovery_jobs, and the table with open discovery jobs reloads.