Dashboards & Visualizations

Is it possible to create a dashboard with chart where a value is configurable by the user

oriches
Explorer

I want to create a dashboard where I can change the 'SessionId' in the following query, ideally I want to be able to select one from a dropdown list and the chart would refresh.

host="jedi-sit2" SessionId=7e88e1f8-f06c-4950-bedc-97b2ad51d0e6 | timechart mode(ui_process_memory)

Is this possible?

1 Solution

nfilippi_splunk
Splunk Employee
Splunk Employee

You can achieve this through simple xml forms. Here's an example of what it might look like, where there is a dropdown of available session ids that is populated by a Splunk search.

For more information/examples on forms, here's a link to the docs:
http://docs.splunk.com/Documentation/Splunk/latest/Viz/Exampleform

<form>
  <label>session_id_search</label>
  <fieldset>
      <input type="dropdown" token="session_id">
          <label>Session ID:</label>
          <populatingSearch fieldForValue="SessionID" fieldForLabel="SessionID" earliest="-7d@d" latest="now">host="jedi-sit2"
| dedup SessionID</populatingSearch>
      </input>
  </fieldset>
  <row>
    <chart>
      <searchString>host="jedi-sit2" SessionId="$session_id$" | timechart mode(ui_process_memory)</searchString>
      <title>Memory Usage</title>
      <option name="charting.chart">line</option>
      <earliestTime>-7d@d</earliestTime>
      <latestTime>now</latestTime>
    </chart>
  </row>
</form>

View solution in original post

0 Karma

sideview
SplunkTrust
SplunkTrust

Note that the latest Sideview Utils is 2.5 and while it's also available under a free license, you have to get it from the Sideview site at http://sideviewapps.com/apps/sideview-utils/ The LGPL version linked to is a much older version (1.3.5). There have been an enormous number of improvements, new features and bugfixes since 1.3.5 so make sure you're on the latest.

0 Karma

nfilippi_splunk
Splunk Employee
Splunk Employee

You can achieve this through simple xml forms. Here's an example of what it might look like, where there is a dropdown of available session ids that is populated by a Splunk search.

For more information/examples on forms, here's a link to the docs:
http://docs.splunk.com/Documentation/Splunk/latest/Viz/Exampleform

<form>
  <label>session_id_search</label>
  <fieldset>
      <input type="dropdown" token="session_id">
          <label>Session ID:</label>
          <populatingSearch fieldForValue="SessionID" fieldForLabel="SessionID" earliest="-7d@d" latest="now">host="jedi-sit2"
| dedup SessionID</populatingSearch>
      </input>
  </fieldset>
  <row>
    <chart>
      <searchString>host="jedi-sit2" SessionId="$session_id$" | timechart mode(ui_process_memory)</searchString>
      <title>Memory Usage</title>
      <option name="charting.chart">line</option>
      <earliestTime>-7d@d</earliestTime>
      <latestTime>now</latestTime>
    </chart>
  </row>
</form>
0 Karma

linu1988
Champion

http://splunk-base.splunk.com/apps/36405/sideview-utils-lgpl.

Please see the usage terms and conditions. But for reference it's the best

0 Karma

oriches
Explorer

Where can I find out more about 'Sideview Utils'?

We have a licensed version of splunk

0 Karma

aholzer
Motivator

As @linu1988 said, Sideview Utils is a really powerful tool that you can use to make sophisticated dashboards and I highly recommend it.

If you are looking for something quicker, you may want to look into the Splunk views called "forms" that come included in the base splunk. They allow you to define dashboards with user inputs.

Sideview Utils has tools that allow you to do the same thing, and in the long term is a better/more robust solution, but if you are just looking for a quick answer, the keyword you are looking for is "form". "Splunk form".

0 Karma

linu1988
Champion

Please refer to Splunk UI examples APP / Sideview Utils APP.
You can create dashboards with pulldown /dropdown modules to fill your session ids. Then pass the variable to the search in the dashboard panel. Thanks.

http://docs.splunk.com/Documentation/Splunk/latest/Viz/Exampledashboard

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...