Solved: Is it possible to create a dashboard where you mus...

therockhead · ‎03-26-2015

Hi,

I have the task of improving some of the performance issues with our instance of Splunk. One of the issues I see with our installation is that some dashboards have over 30 panels/searches which hammer the server as soon as you navigate to the dashboard and select a time range. Is it possible to have a dashboard where you must manually select the panel before they are run?

Thanks,
Bill

LukeMurphey · ‎03-30-2015

Here is a blog entry I wrote that outlines a method for putting panels into tabs: http://blogs.splunk.com/2015/03/30/making-a-dashboard-with-tabs-and-searches-that-run-when-clicked/

This method allows you to control the searches within the tabs such that they do not execute until you click the tab. I have used this technique in apps and it has worked very well for me.

View solution in original post

LukeMurphey · ‎03-30-2015

Here is a blog entry I wrote that outlines a method for putting panels into tabs: http://blogs.splunk.com/2015/03/30/making-a-dashboard-with-tabs-and-searches-that-run-when-clicked/

This method allows you to control the searches within the tabs such that they do not execute until you click the tab. I have used this technique in apps and it has worked very well for me.

therockhead · ‎03-31-2015

Wow - thanks for the great write up.

snix · ‎10-12-2015

Not to hijack this post but I found your post on tabs Luke and found it is exactly what I am looking for but when I load the tabs.js and .css into the view it causes issues with all the panels so that they all start saying "Search is waiting or input..."

LukeMurphey · ‎10-12-2015

@snix: I'm looking into that issue. See the bug report for details: http://lukemurphey.net/issues/1069

LukeMurphey · ‎10-12-2015

@snix: actually, I'm finding this doesn't reproduce. Once I hit the "submit" button, the panels load. Could you let me know if the built-in views provided with the app work (such as the tabs_step5 view)?

snix · ‎10-12-2015

Unfortunately I reloaded the example app from scratch and I got the same result on all 5 steps. Obviously it is something to do with my configuration but I have no idea what it is. I am loading up a test network to verify this on a fresh install.

LukeMurphey · ‎10-12-2015

Are you seeing any Javascript errors in the console?

snix · ‎10-12-2015

I see nothing on the page as it loads other than the panels stating "Search is waiting for input..." but nothing else. If there is another place to look to troubleshoot then I don't know where that is.

The only thing I can say that may have some small effect is that I am on 6.3 but not sure that the upgrade would make a difference.

snix · ‎10-12-2015

Okay ran a quick test on a new stock 2012 R2 VM with a stock default install of Splunk 6.3 and all I did was add some local inputs for some data and then copied the "tabs" folder from the example app given to the "C:\Program Files\Splunk\etc\apps" directory and reset Splunk.

After reboot I went to the "Tabes Example" app and all the panels in all 5 steps say "Search is waiting for input..." as before.

I will have to attempt to do the same on a new VM ... "wish I had done a snapshot to save time lol" and reload Splunk and run it on 6.2 but it is starting to look like it my be related to the new update.

snix · ‎10-13-2015

Boy am I an idiot, the reasons those examples didn't work is because I was not hitting the submit button. I tried 6.2 and got the same result where it didn't work to I retraced my steps of what I did to see where I was screwing up and just happened to notice the Submit button and slapped my head and tried it.

In all my views I just have it set up to auto run so I didn't even think of it not doing that. I still have issues with getting it to work with my panels but now I have working code so it will be manageable to fix I think. My bet is it my have something to do with that submit button in the first place if it is treated like some kind of token. That is what all the Splunk Answer sites were saying the error was related to was a token that was not set correctly.

ngatchasandra · ‎03-30-2015

Hi therockhead,

Because you want to select a panel before it run, in my view point do the following:

Create X ( X is match the number of panels you want to create ) repports where each repports have his query .
After do that, create an Dashboard .
Add an dropdown input and set it with only attributs like this:

1) Label : Select_panel
2) Search on Change : Enabled
3) Token : panel
4) Default: "you can select an panel to run by defalt when you open your dashboard"
5) Go in statics options and add X options like follow example:
Name Value
Panel1 Count_by_sourcetype
Panel2 Count_warning_count_sourcetype

Count_by_sourcetype and Count_warning_count_sourcetype are names of my two repports.

Edit source of your dashboard and add this code xml. By default i display my panel as a table.

panel

Count_by_sourcetype

|savedsearch $panel$

undefined
undefined
row

Thus, you must be able to select in your dropdown input the panel whose you want to run.

My entire code example is:

<form>
  <label>Select_panel</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="panel" searchWhenChanged="true">
      <label>Select_search</label>
      <choice value="Count_by_sourcetype">Panel1</choice>
      <choice value="Count_warning_count_sourcetype">Panel2</choice>
      <default>Count_by_sourcetype</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>panel</title>
      <table>
        <title>Count_by_sourcetype</title>
        <search>
          <query>|savedsearch $panel$</query>
        </search>
        <option name="wrap">undefined</option>
        <option name="rowNumbers">undefined</option>
        <option name="drilldown">row</option>
      </table>
    </panel>
  </row>
</form>

If you want to change the vizualisation type of one Panel , click on edit panels and go to the icon who is right top and select bar or column ...

LukeMurphey · ‎03-26-2015

I dealt with this just recently. In my case, I put panels in tabs and then setup a system where the searches would not run until you clicked the tab to view it. Not only did it prevent lots of searches from executing simultaneously, but it also made the view more elegant by not showing an excessive number of panels at all at once (can be overwhelming for the user).

If you are interested in this approach, I may just make a blog entry with some code and instructions so that you could use the same approach. Let me know if you are interested.

coleman07 · ‎03-10-2016

Luke,

I loved your blog post. I am trying to find in documentation where it says the search will not run if the token is not defined. My reasoning is not that I question your article - it does what you say but how would a newbie know this trick if you hadn't written the article.

LukeMurphey · ‎03-10-2016

I'm not sure where it is covered in the docs; it may be covered in the developer classes.

therockhead · ‎03-26-2015

Sounds like a great approach. Would definitely be interested in a blog post!

Is it possible to create a dashboard where you must manually select a panel before a search is run to improve performance?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!