- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Dashboard help
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dashboard help
Hi I'm trying to create a custom dashboard which list the companies and products we have running on our servers. To define the term company i setup a field extraction -> transform to look at a specific folder on each server. i have the logs for each company/product writing to their specific folder (c:\logs\ABC Company\Product). I've tried using source, field, sourcetype=company and i can't get it to list out the companies. Anybody have any suggestions? Also i'm using a basic xml dashboard design since programming is not my forte.
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try using this in your dashboard xml (Splunk 6 version)
<dashboard>
<label>Summary Dashboard</label>
<description></description>
<row>
<table>
<title>Select Company</title>
<searchString>
sourcetype=company | stats count by company| fields - count
</searchString>
<earliestTime>0</earliestTime>
<latestTime>now</latestTime>
<option name="wrap">true</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</row>
</dashboard>
This dashboard create a table with unique list of companies. Increate the "count" option value as per your need. It by default drilldowns to Splunk Search app with selected company name, with search query like below.
sourcetype=company company="Your selected company name"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This just an example query. replace it with index/source/sourcetype of yours which has company data.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
unfortunately sourcetype=company nor source=company return any results. really confusing!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i've tried that but i can't get the search to just list the companies out individually and make them hyperlinked. If I do company=”*”, I just get 100's of log pages with the most active company at the top. I might have to go 50 pages deep to find the company I actually want.
I wanted the company names listed out like the host/servers are on the summary dashboard. you click on the company and you get all the logs. wish i would post a pic 😞
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why don't you use the built in dashboard creator? From the search page select Dashboards & Views > Create Dashboard.
Set Edit to ON, Add a Panel, and paste your working search into as an Inline Search.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yup...it's in there. I have about 5 years of data. I tried to post a pic, but i don't have enough points 😞
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First you need to create a search that pulls the data you want.
But, even before that you need to have the data in Splunk to search. It sounds like you don't have the data. Do you have the data indexed?
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
