Dashboards & Visualizations

Dynamic Creation of Single Value Panels

jessemartinez17
Engager

Is there a way to create single value panels from a dynamic search? I am running a search based on objects in a list and I need to create a single value for each object in those lists. This list will be growing and would just like to add to the list and have the additional single values be created.

Tags (2)
1 Solution

Drainy
Champion

Not without diving into the JavaScript SDK for Splunk and designing a custom application within Splunk.

Another way you could do it is to have a Python script sat outside of Splunk which is run as a scripted input, this input could be scheduled to run every 5 minutes or so and each time it runs it fires off a search against splunkd. With the results it could then dynamically build a dashboard with the correct number of single value panels required.

View solution in original post

bandit
Motivator

Splunk @splunk this would be a great feature to release in Splunk 7 and a huge time saver! Say I have 20 hosts where I want to show CPU trend as a single value, it's tedious to have to generate the 20 code blocks.

Why not let us do something like this
| timechart avg(cpu) by host limit=20

where the limit value would determine how many individual single values are rendered?

This would also be relevant for any of the gauges in Splunk.

I prefer to have dashboards dynamic whenever possible instead of updating the xml code when a host is added.

0 Karma

sideview
SplunkTrust
SplunkTrust

In the next major release of Sideview Utils, I'm introducing a new module called Multiplexer which will allow you to do this. (Although I do also agree with araitz: if you haven't already, try and rethink your problem such that a simple table will solve it.)

Multiplexer gets configured to look at a particular field's values in the search results. You also configure it to have one child module, or one child module that has any number of grandchild and descendant modules. Then at runtime the Multiplexer module looks at the values of the specified field and actually clones out the modules underneath -- one for each value of the field.

On the SingleValue side, Sideview Utils already has the HTML module which can do everything that the SingleValue module can do, and generally more easily and more obviously.

1) What you could do in a simple config then, is to have a Multiplexer above a single HTML module so that you display some statistic(s) for each value of someField in a stats sum(foo) avg(bar) by someField search.

2) or to throw out a more complicated use case, you could have a Multiplexer above a PostProcess, which then contained an HTML module. That would allow you to run a postprocess search for each of the values you're multiplexing, and then display the postprocessed results.

3) There isn't really any limit to what you can put downstream from Multiplexer - Search modules, Switcher modules, ResultsValueSetter modules, JSChart modules...

And in general if you're going to multiplex many results, it's useful to know that the Multiplexer module works perfectly well downstream from the Pager module. So if you have a config that has a Pager, then a Multiplexer, then an HTML module, and there are 1000 different values for the multiplexed field, the end-user will have a pager they can use to page through all 1000 different permutations of the HTML module.

If this sounds almost maddeningly powerful, it is. And for the users who are already using ResultsValueSetter and Switcher to build intelligent dashboards, the blue sky will get even further out there.

So stay tuned. I'm still writing all the testcases for Multiplexer and it's a significant undertaking, but it will release in Sideview Utils 2.2 and you can expect that to be out within a few weeks.

http://sideviewapps.com/apps/sideview-utils

0 Karma

araitz
Splunk Employee
Splunk Employee

Hmmm, sounds like what you are looking for is a table. Am I missing something?

0 Karma

Drainy
Champion

Not without diving into the JavaScript SDK for Splunk and designing a custom application within Splunk.

Another way you could do it is to have a Python script sat outside of Splunk which is run as a scripted input, this input could be scheduled to run every 5 minutes or so and each time it runs it fires off a search against splunkd. With the results it could then dynamically build a dashboard with the correct number of single value panels required.

coleman07
Path Finder

Is it possible to share how you solved this problem? Newbie interested in same thing

0 Karma

bandit
Motivator

I sure he just wrote a script to loop though a list of hosts and generate the single value code blocks.

<single>
</single>
0 Karma

jessemartinez17
Engager

Thank you. I created a script to add in the code for a single value to the XML file itself from the server and that worked just fine.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...