Splunk- Dashboard

In this section, we are going to learn about How to create and manage the dashboard in our Splunk platform. Here we will learn how we can add different saved reports into our dashboard and what features we can add in our dashboard in order to see the different insights. Along with this, we will also learn how to set different privileges and charts in dashboard and its reports.

About dashboards

The dashboards are views which consist of panels. The panels can include such modules as search boxes, fields, maps, tables, and lists. Usually, the dashboard panels are connected to the reports.

We can add it to a new or current Dashboard after we create a search visualization or save a post. Additionally, we can use a Dashboard Editor to build and edit dashboards. The Dashboard Editor is useful if we have a collection of saved reports which we want to add to a dashboard quickly.

Here's one Dashboard example. In this tutorial, we have taken the example of Buttercup games. The syntax and the procedure will be the same for all the cases, although we can change the main keyword or names as per our need.

Change dashboard permissions

We can give Dashboard Editor access to a dashboard. However, our user function and the capabilities specified for that function may restrict the type of access we can have.

If our Splunk user role is admin (with the default set of capabilities), we can create private dashboards, visible in a specific app, or visible in all apps. We may also give access to other Splunk user positions with different skills, such as user, admin, and other functions.

Change dashboard panel visualizations

We are using the Visualization Editor to adjust the form of visualization in the panel after we create a panel with the Dashboard Editor, and decide how the viewing will display and behave.

Create dashboards and panels

In this section, we will save a search as a dashboard panel and add an input element to the dashboard.

Save a search as a dashboard panel

1. Start a new search.
2. Change the time range to the Previous week.
3. Run the following search.

   sourcetype=access_* status=200 action=purchase | top categoryId

   
   This search returns the events for successful (status=200) purchases from web server access log files. The top command automatically returns the purchase count for each product and the percentage of the total purchases for each product.
   
4. Click the Visualization tab. The displays shows a Line Chart.
5. Change the Line Chart to Pie Chart.
   
6. Click Save As and select the Dashboard Panel.
7. Define a new dashboard and dashboard panel.
   1. For Dashboard, click New.
   2. For Dashboard Title, type Buttercup Games - Purchases.
   The Dashboard ID field
   displays buttercup_games__purchases.
   
   3. For Dashboard Description, type Reports on Buttercup Games purchases data.
   4. For Dashboard Permissions, keep the default setting Private.
   5. For Panel Title, type Top Purchases by Category.
   6. For Panel Content, keep the setting for Pie Chart.
   
8. Click Save.
9. In the confirmation dialog box, click View Dashboard.
   

We now have a dashboard with one panel of reports. We can either run new searches and save them on this dashboard to add more report tables or add saved results to that dashboard. In the next segment, we can add more panels to the dashboard.

For now, let's spend a little bit more time on this dashboard panel.

View and edit dashboard panels

A separate view is given to see a list of the dashboards we have access to. We can create dashboards from this view, and make changes to the dashboards and dashboard panels.

1. Click Dashboards in the App bar to see the Dashboards view.

We can see a pop-up dialog box asking if we'd like to take a Dashboard tour. When we are taking the tour, there is an opportunity to try the dashboards ourselves at the end of the ride. This alternative provides a view of the Dashboards.

There are several built-in dashboards in the list, in addition to the Buttercup Games-Purchases dashboard that we made.

2. Click the arrow (>) icon in the I column to extend the Dashboard information for the Buttercup Games-Purchases dashboard.

We can see information about the software associated with this dashboard, whether the dashboard is scheduled or not, and the dashboard permissions.

Add controls to a dashboard

We can add input controls to dashboard panels, such as the Time range picker.'

1. In the Dashboards list, click Buttercup Games - Purchases to display that dashboard.
2. Click Edit.

We may use either the UI or the Source to edit the Dashboard. We can then add panels and inputs to the dashboard with the UI option.

• Use the choice Add Panel to build a new panel, add a report as a panel, or clone from an existing dashboard.
• We can select from a list of controls to add to the dashboard, including text, a checkbox, and a time range picker, using the Add Input option.

We can use the choice Dark Theme to adjust the Dashboard background appearance. We must save and refresh the dashboard to allow the theme update.

We can edit the source XML for the panel directly using the Source option. Within this example, editing the source directly isn't mentioned.

Add saved reports to a dashboard

Prerequisite

Make sure we have the Games Buttercup-Buy the dashboard. This dashboard was created and modified in this tutorial 's previous segment, Creating Dashboards and Panels. Before continuing with this section, we must build the dashboard.

1. Tap on Dashboards in the Apps bar to view a list of our dashboards, and pick Buttercup Games-Purchases dashboard.
   
2. Click Edit in the Actions window, and pick Edit Panels. Opens the website Edit Dashboard.
3. Click Add Panel.
   The sidebar panel Add Panel opens to the right of the browser.
   
4. Select New from Report, to add a new panel from an existing study.
   The list extends to include reports we created and saved and embedded.
   
5. Select Trends to Buy.
   The Preview sidebar appears next to the Add Panel sidebar. The preview includes report details, the search on which the report is based, and a summary of the report itself. This is the report we built on the sparkline map.
   
6. Tap on The Dashboard Add.
   The updated screen is at the underside of the dashboard.
7. Select the chart Analysis of Activities and Conversion Levels by Item from the Add Panel sidebar tab, and add it to the dashboard.
   
8. Close the Add Panel sidebar.
9. Rearrange the Dashboard panels.
   Drag and drop a tab at the top of the column, by drag and drop button. A four-pointed arrow symbol appears on the drag & drop-bar when we drag a line.
   
10. To add our changes to the dashboard, press Add in the Edit Dashboards window.
    Our Dashboard will look like the picture below.
    

Adding a search to an existing dashboard

We can save an ad hoc search as a panel in an existing dashboard.

Prerequisite

This example includes the productName field in this tutorial 's section Allowing field lookups. Until continuing with this section, we must complete all of those steps. If we don't configure the lookups area, the searches in this section do not produce the appropriate results.

Let's use the lookup to run the search below.

Click Search in the Apps bar to start a new search.

1. Make sure that the time range is set to All time.
2. To evaluate the VIP client and the items purchased by the client, run the search below.

   sourcetype=access_* status=200 action=purchase [search
   sourcetype=access_* status=200 action=purchase | top limit=1
   clientip | table clientip] | stats count AS "Total Purchased",
   dc(productId) AS "Total Products", values(productName) AS
   "Product Names" BY clientip | rename clientip AS "VIP Customer"

   The following image shows the results of the search
   
3. Click Save As and choose Dashboard panel.
4. For Dashboard, click Existing and select Buttercup Games - Purchases.
5. For Panel title, type VIP Client Purchases.
6. Click Save.
7. Click View Dashboard.
8. Click Edit.
9. In the dashboard editor, drag the VIP Client Purchases panel next to the Top Purchases by a Category pie chart.
10. Click Save.
    Our dashboard should look like the following image.