BS

Thursday, November 14, 2024

Splunk_Dashboard_Tech Tonic with Kiran_y

 

  1. Splunk Dashboard Inputs

  • How to add inputs to a Splunk dashboard

  • Log in to Splunk – Search & Reporting App > Dashboard

  • We build the dashboard using an SPL query

  • Create a query in the Search app, Save As > Dashboard

    • Title – Description – Permission – Classic OR Studio

      • A Classic dashboard can be cloned into Dashboard Studio

    • Panel Title

    • Visualization Type

    • Save to Dashboard

  • In Dashboard

    • Export > Export PDF or Schedule PDF Delivery OR Print

  • … Button > Clone OR Clone in Dashboard Studio OR Edit Permissions OR Set as Home Dashboard

  • Edit 

    • Add Input

  • Add Input – Radio Button


    • Modify the index query

    • The web application has a method (GET or POST)

    • Use the query for EPB

    • index=epb_it_checkpoint source="checkpoint:web" sourcetype=cp_log

    • Radio Button + Submit button

    • Checkbox 

    • “Search on Change” is required if there is no “Submit” button; use either one

    • Dynamic Option – provide a search query

      • Token value prefix: "

      • Token value suffix: "

      • Delimiter: <space>OR<space>

    • Multiselect  34’



  1. Splunk Multi Select Input 8”

  • Dynamic multiselect – use a query to dynamically populate the values to choose from

  • Token = ms_dynamic

  • Static Options – values are hard-coded

  • Dynamic Options – values come from a query we write

  • Field For Label, Field for Value

  • We can provide “All” as a static option

  • Default = All

  • If it is dynamic, Token value prefix and suffix are both ", and the delimiter is <space>OR<space>

  • In the subsequent query, where we provide drill-down, add $token$ in the query

  • Front end – done in the UI; back end – done in the source (code)

  1. Splunk Dropdown based on another Dropdown

  • Go to Dashboards > there are some system-generated dashboards whose owner is nobody

  • Add Input > Dropdown

    • Label > countries 

    • Token > countries

    • Dynamic Options

      • SPL query

  • Create the inputs as dropdowns – each later one depends on the earlier one

  • Add a panel to display the results

  • Edit Mode – Add Panel, a

  1. Base Search Splunk Dashboard

  • Performance optimization technique

  • Open the Dashboard > Edit > Source

    • Write the search tag after the first line, <dashboard version="1.1">

    • Provide the common query here

  • Each panel has its own search tag for that panel

  • Save > if it gives an error, remove the tags after the query tag
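
An added example, not taken from the video or the original notes: a classic (Simple XML) dashboard source that combines the multiselect settings above (token ms_dynamic, quoted values, " OR " delimiter, static "All" option) with a base search that two panels post-process. Assumptions: the field names method and src, the 24-hour time range, the id base_web, and putting method=" in the value prefix so each selected value expands to a quoted field comparison.

```xml
<!-- Splunk uses <form> as the root element once a dashboard has inputs -->
<form version="1.1">
  <label>Checkpoint web methods (example)</label>
  <!-- Base search: runs once; ends in a transforming command so panels can post-process it -->
  <search id="base_web">
    <!-- Parentheses keep the expanded OR list grouped; quoting keeps each value a string literal -->
    <query>index=epb_it_checkpoint source="checkpoint:web" sourcetype=cp_log ($ms_dynamic$) | stats count by method, src</query>
    <earliest>-24h@h</earliest>
    <latest>now</latest>
  </search>
  <fieldset submitButton="true">
    <!-- Submit button present, so Search on Change is off (either one is enough) -->
    <input type="multiselect" token="ms_dynamic" searchWhenChanged="false">
      <label>Method</label>
      <choice value="*">All</choice>
      <default>*</default>
      <!-- Selecting GET and POST expands to: method="GET" OR method="POST" -->
      <valuePrefix>method="</valuePrefix>
      <valueSuffix>"</valueSuffix>
      <delimiter> OR </delimiter>
      <fieldForLabel>method</fieldForLabel>
      <fieldForValue>method</fieldForValue>
      <!-- Dynamic options: populate the choices from the data -->
      <search>
        <query>index=epb_it_checkpoint source="checkpoint:web" sourcetype=cp_log | stats count by method</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Requests by method</title>
      <chart>
        <!-- Post-process search: starts from the base results, no index scan -->
        <search base="base_web">
          <query>stats sum(count) as count by method</query>
        </search>
        <option name="charting.chart">pie</option>
      </chart>
    </panel>
    <panel>
      <title>Top sources</title>
      <table>
        <search base="base_web">
          <query>sort - count | head 10</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```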


  1. Dashboard CSS Popup Modal

  • How to create Custom CSS Popup Modal

  • We can describe the dashboard in the dashboard description, and we can provide a link that opens a popup

  • Go to Source > Add row – panel – html tag


  • Paste the HTML code at line 7, which is available in the description – I copied it as \ codesnippet\poupupDescription.xml

  1. Classic Dashboard vs Dashboard Studio

  • For customization we can use Dashboard Studio

  • Absolute layout is better than Grid layout

    • Supports images up to 16 MB in size


  • Dashboard Studio source code is in JSON format


  1. Base Search & Chain Search - Splunk Dashboard Studio – Nice watch +times

  • The base query is the common SPL query used across the dashboard

  • Canvas – Display mode – Auto / Actual Size / Fit to width

  • Dashboard Studio 5 Keys

    • visualizations

    • dataSources

    • defaults

    • inputs

    • layout

  • Visualization based on country, city, region – good visualization

  • data

    • ds.search

    • ds.savedSearch

    • ds.chain