Documentation > Splunk > Developing Dashboards, Views, and Apps for Splunk Web > Build an advanced dashboard

Developing Dashboards, Views, and Apps for Splunk Web

 


Overview
Build your app
Customize Splunk Web
Advanced Web customization
UI Developer reference
Examples

Build an advanced dashboard

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Build an advanced dashboard

Not all modules are available in the simple dashboard configuration. Use these instructions if you'd like to make a more sophisticated dashboard, using modules that aren't available in the simple dashboard configuration.

Here's a general overview of how to build a dashboard:

  1. Decide how to visualize and display your data. For example, you may want to showcase your search results in a graph or you may want to present a list of links to search results.
  2. Construct searches.
  3. Build panels for each search.
  4. Construct your dashboard from the panels you've built.
  5. Finally, layout your dashboard panels. For more information on how to build a dashboard, read more about dashboard layout.

Begin a dashboard

Add your dashboard to $SPLUNK_HOME/etc/apps/<your_app>/default/ui/views/. Then, open the XML file for editing. Start by adding the following: 

<view template="dashboard.html">

This specifies that you're using the dashboard template. Dashboard views use a different Mako template than the default template used by search views, so you must specify this template at the beginning of your dashboard's XML file.

You can also set the refresh rate here by adding a refresh=<seconds> tag. This will rerun your HiddenSearches, or get any new HiddenSavedSearch results.

This example sets the dashboard to refresh automatically every 30 seconds.: Edit the existing XML which should look like, 

<view template="dashboard.html">

to include refresh="30" 

<view refresh="30" template="dashboard.html">

Add panels

A panel is a set of results displayed in a dashboard. Dashboards can contain any number of panels. Each panel usually has only one search associated with it, via the HiddenSearch or HiddenSavedSearch module. Display results from the search in a results module, like a chart or a link list.

Here's an example panel:

Panel.jpg

And here's the XML behind this panel: 

 <module name="HiddenSearch" layoutPanel="panel_row1_col1" group="Messages per minute last hour" autoRun="True">
   <param name="search">search index=_internal eps group=per_source_thruput NOT filetracker Metrics | eval events=eps*kb/kbps | timechart sum(events)</param>
   <param name="earliest">-1h</param>
   <module name="ResultsHeader">
     <param name="entityName">scanned</param>
     <param name="entityLabel">Events</param>
     <module name="FlashChart">
       <param name="height">180px</param>
       <param name="width">100%</param>
     </module>
   </module>
 </module>

Notice that there are only 3 modules in this panel -- HiddenSearch, ResultsHeader and FlashChart. HiddenSearch generates all the search results and FlashChart displays them. ResultsHeader displays a header with the amount of events searched by HiddenSearch.

Since HiddenSearch is the parent module, it takes a few other settings like layoutPanel, group and autoRun. LayoutPanel denotes where to place the panel within the dashboard. Group is a header that displays at the top of the panel. AutoRun indicates that the search in the panel should be run upon loading the page. Generally, you'll want to set autoRun = true.

First, decide how you want to showcase your data with the available modules. The results modules are the most useful modules to display search results in dashboards.

You can include searches in your dashboard panels in one of two ways:

1. Create the search, save it and run it on a schedule. Then reference the search results from your dashboard with the HiddenSavedSearch module. If you have a lot of users accessing your dashboard or the search takes a while to return, this is the best method.

2. Reference the search string directly in the dashboard panel with the HiddenSearch module. The HiddenSearch module runs your search every time the dashboard loads, so it works best if the search returns results quickly and there are only a few users accessing the dashboard at any given time.

Layout your panels

Dashboards use a coordinate system. The parent module in any panel specifies what coordinate to use. The coordinate system specifies a row and a column for the panel, such as: layoutPanel=panel_rowX_colY. You can use any number of rows, but you will want to limit yourself to about 3 or 4 columns (2 is standard for displaying data).

For example, here are two parent modules of panels in the tutorial dashboard: 

  <module name="HiddenSearch" layoutPanel="panel_row1_col1" group="Messages per minute last hour" autoRun="True">

...

 <module name="HiddenSearch" layoutPanel="panel_row1_col2" group="KBps indexed per hour last 2 hours" autoRun="True">

You can also set up a group of panels within a larger panel. To set this up, specify one parent module. This example uses StaticContentSample to set a header for the entire group of panels. Each panel then has one parent module which specifies the layoutPanel with the addition of the grp tag for placement within the group. 

<module name="StaticContentSample" layoutPanel="panel_row2_col1" group="All Indexed Data" autoRun="True">
  <param name="text">This will show you all of the data you have loaded into index=main over all time.</param>
  <module name="GenericHeader" layoutPanel="panel_row2_col1_grp1">
      <param name="label">Sources</param>
...
  <module name="GenericHeader" layoutPanel="panel_row2_col1_grp2">
    <param name="label">Sourcetypes</param>
...
  <module name="GenericHeader" layoutPanel="panel_row2_col1_grp3">
    <param name="label">Hosts</param>

Add chrome

Next, add the chrome. Dashboard chrome layout panels are ordered similarly to search views: 

  <label>Tutorial Dashboard</label>
  <module name="AccountBar" layoutPanel="navigationHeader"/>
  <module name="AppBar" layoutPanel="navigationHeader"/>
  <module name="Message" layoutPanel="messaging">
    <param name="filter">*</param>
    <param name="clearOnJobDispatch">False</param>
    <param name="maxSize">1</param>
  </module>

Searches in dashboards

If you want to include searches in your dashboard, put search modules in the following panels:

Optionally add the search bar. This will let users launch searches from the dashboard: 

 <module name="SearchBar" layoutPanel="mainSearchControls">
    <param name="useAssistant">true</param>
    <param name="useTypeahead">true</param>
    <module name="TimeRangePicker">
      <param name="selected">This month</param>
      <module name="ViewRedirector">
        <param name="viewTarget">simple_search_view</param>
      </module>
    </module>
  </module>

Note: Add the ViewRedirector module to launch your searches in a different view.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0.2/Developer/ConfigureDashboard"

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.