Hi all,
I'm new at this and still figuring out a lot of things.
But the question I have is if we can auto-populate a dashboard with panels based on an amount of values?
For example:
Source: A has 50 Objects.
I want to create a dashboard that automatically creates a search for every object. It's always the same search just changing one parameter based on the object.
If later it becomes 55 objects the dashboard needs to automatically adapt to show 55 panels.
The panels will be Time charts.
What version of Splunk are you using?
As of version 7, the visualization feature includes the "Trellis Layout" which allows you to split an existing visualization by a certain field.
So say you have some "timechart sum(count) by FieldX", you can visualize this as a graph and then enable Trellis layout split by FieldX, which will generate a separate graph for each option from FieldX.
If you don't have version 7, then I'm not aware of any automated way of doing this. The best thing to do would be to create a dashboard with a base search that retrieves the basic data for all 50 options and then manually create panels for each option and maintain it periodically.
You could probably come up with some way of creating an alert that detects new values, to trigger someone to update the dashboard.
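The manual approach described in the answer above (one base search, one panel per value) can be scripted so the dashboard is regenerated whenever the set of values changes. This is an added example, not code from the thread or from Splunk: the index, sourcetype, field names and the object list are constructed placeholders, and the list of current values is assumed to have been exported separately. Values are escaped for both XML and SPL so that an object name containing quotes or angle brackets cannot alter the markup or the query.

```python
import xml.etree.ElementTree as ET

# Assumed base search: index, sourcetype and field names are placeholders.
BASE_QUERY = ("index=main sourcetype=example | bin _time span=1h "
              "| stats sum(count) AS count BY _time FieldX")


def spl_quote(value):
    """Quote a value for an SPL comparison, escaping backslashes and quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_dashboard(objects, field="FieldX", per_row=3):
    """Return Simple XML with one post-process time chart per distinct object."""
    root = ET.Element("dashboard")
    ET.SubElement(root, "label").text = "Per-object time charts"
    # One base search feeds every panel, so the data is only searched once.
    base = ET.SubElement(root, "search", id="base")
    ET.SubElement(base, "query").text = BASE_QUERY
    ET.SubElement(base, "earliest").text = "-24h@h"
    ET.SubElement(base, "latest").text = "now"
    objects = sorted(set(objects))
    for i in range(0, len(objects), per_row):
        row = ET.SubElement(root, "row")
        for obj in objects[i:i + per_row]:
            panel = ET.SubElement(row, "panel")
            ET.SubElement(panel, "title").text = obj
            chart = ET.SubElement(panel, "chart")
            post = ET.SubElement(chart, "search", base="base")
            # ElementTree escapes <, > and & when the tree is serialized.
            ET.SubElement(post, "query").text = (
                f"search {field}={spl_quote(obj)} | timechart span=1h sum(count)")
            ET.SubElement(chart, "option", name="charting.chart").text = "line"
    return ET.tostring(root, encoding="unicode")


# Constructed sample values, including names that need escaping.
SAMPLE_OBJECTS = ["obj-01", "obj-02", "web<01>", 'db "primary"', "obj-01", "obj-03"]

if __name__ == "__main__":
    print(build_dashboard(SAMPLE_OBJECTS))
```

Rerunning the script with the current list of values and replacing the dashboard's XML source keeps the panel count in step with the data.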
Trellis appears to have been introduced in Splunk 6.6.
http://docs.splunk.com/Documentation/Splunk/6.6.0/Viz/VisualizationTrellis
Thanks all.
Seems we are still on 6.5 but are getting to upgrade to 7.
I will have to wait a bit.
Considering every panel is a search, having 50-55 panels in a dashboard will probably cause some load on your system.
As for the question, I am not aware of such a function in Splunk (which doesn't mean it doesn't exist) and would be happy to learn more if there is such.