Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk dynamic dashboard capability question?

axl88
Communicator
‎02-25-2014 01:25 PM

Imagine 🙂 I have application A, B and C
and inside those applications I have
A_errType1... A_errType5, B_errType1, B_errType2, C.errType1 .. C.errType3 etc..

I am reading all applications from the same type of log file(s). So my question is,

Are there any chance to have a summarizing dashboard (lets call it TimeChart tool) for all data such as "Count of errors on each app" and link this dashboard to sub-dashboards to have detailed information on each application type. lets say we have 10,20,30 of application errors on A,B and C. I choose application C and it returns me another board that shows totals of "errType"s of the same application like errType1 5, errType2 15, errType3 3

0 Karma
Reply

nfilippi_splunk
Splunk Employee
Splunk Employee
‎02-27-2014 03:16 PM

This sounds doable in Simple XML.

My understanding here is that you would like the drilldown to link to different dashboards based on the application clicked on, correct? To do this, you will need to,

  • (a) eval a new field in your events that adds the drilldown view name based on the application,
  • (b) include that field in your resulting table,
  • (c) use the "fields" option in your table to effectively hide that field from view but still making it accessible as click information to your drilldown,
  • (d) construct you drilldown link using the hidden field, like $row.viewname$.
Reply

gfuente
Motivator
‎11-04-2014 01:39 AM

Hello

I tested this, and in Splunk 5 doesn´t works if you hide the field with the "fields - fieldname" command. Althougt it works fine without hidding the field...

Does you solution works in Splunk 6?

Regards

0 Karma
Reply

axl88
Communicator
‎02-27-2014 10:53 AM

In my research, It seems more feasible to use table chart drilldown which could be found:

http://docs.splunk.com/Documentation/Splunk/6.0.1/AdvancedDev/TableChartDrilldown

I still don't have the exact answer, so if you have more ideas, please share it here.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-25-2014 01:58 PM

That sounds quite doable with either SplunkJS/Webframework or AdvancedXML/SideviewUtils... not sure how doable it'd be with SimpleXML.

How that'd look depends on what you specifically need, but in general the idea would be to have a summarizing dashboard with charts or tables and custom drilldown underneath. Those drilldowns would look at what application your error type came from and apply that as a filter to the next dashboard.

Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...