Supporting App for AXL | Installation Notes
AXL Install 3 - Populate Devices
Populating Devices
If you look in Splunk’s Settings > Searches, Reports and Alerts
- change to “All” apps
- change “owner” to “nobody”
- ‘filter’ for “get_devices_example”
You’ll see we ship a disabled saved search called “get_devices_example”. Here’s how to convert it to a usable search that you can schedule:
- For that search, click Edit and then Clone it to a new search, named “get_devices_via_axl” or similar.
- View that cloned report, and on the resulting screen click Enable Report to enable it (it clones disabled, like the original).
- Confirm the data looks good for your environment, and remember it might take a few moments for it to return data. Just be patient.
- Edit the search (Edit > Open in Search) and add to the end
| outputlookup devices - Run that search once again to populate the devices lookup for the first time.
- In another window, check that your Browse > Devices pages in the app now have fields like productName. Once you’ve confirmed, continue with step 7.
- Save the altered search.
Note this only creates the *initial* copy of the devices in the system. Continue below to have it automatically update itself nightly.
Scheduling the AXL search
Go back to Settings > Searches, Reports and Alerts and search for the version of the report you built in the previous step. Once found:
- Click Edit, then Edit Schedule for that report
- Enable the checkbox to Schedule Report
- Change the settings to suit your needs. We recommending Run every day at 1:00 or 2:00.
- Click Save.
Next Steps
Now that you have the Devices lookup set up and enabled, there will be a few more fields available to you for use everywhere in the app. You can read about them in our page on Using Devices. Or drop us a line and we’d be happy to hop on with you and show you around what you now have — there’s more there than may first meet the eye.
Related
There are many ways to deploy, configure and update the Splunk Universal Forwarder. Here we cover a variety of the more advanced ways to handle updating the TA for Cisco CDR Reporting and Analytics.