Dashboards: an introduction
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
Dashboards: an introduction
This section of the Developer Manual is all about dashboards. If you're interested in building your own dashboard, read through the topics in this section sequentially. Each topic in this section explains how to build a dashboard step-by-step, starting with the basic three step process of building a dashboard outline. Each topic after explains how to add specific configurations to your dashboard. After that, you can pick and choose the other elements you'd like to add to your dashboard.
What is a dashboard?
A dashboard is a view -- a page in Splunk Web customized by you. Dashboards show visualizations of your data such as charts and graphs and are extremely useful for displaying the results of reports and searches. Once you build and name your dashboard, you can navigate to its URI:
http://localhost:8000/en-US/app/<app_name>/<dashboard_name>
(Replace with your Splunk host and port.)
Dashboards are objects that live within apps. This means you can set permissions on your dashboard the same way you can with a saved search, event type or other object.
Why build a dashboard?
Use dashboards to highlight interesting and useful aspects of your data, link to important searches and display common reports. For example, make a network operations console where you can see an overview of your entire network, find out which machines are down and be notified of any firewall violations. Or, build a business analytics dashboard that shows how many people have visited your website today and how many successful purchases have gone through your system.
How to build a dashboard
Each dashboard is made of rows with one or more panels and each panel contains a search and a visual summary of that search. Panels are laid out next to or on top/beneath each other. Panel types include:
- Charts
- Tables
- Lists
- Single button
- Events
- HTML
For a complete list of all available panels, see the panel reference in this manual.
Dashboards are built out of Splunk's custom XML syntax. Although there is an advanced version of the XML syntax, this entire section focuses on building dashboards with the simplified XML syntax. It's a good idea to start out with the simplified XML syntax and only move on to the advanced if you find that there are options that you'd like to configure that are only available in the advanced XML. For example, if you want to create a single search for a whole dashboard, you can implement postProcess search in advanced XML, as described in How to use one search for a whole dashboard.
You can always convert your simple XML to advanced XML via the showsource URI:
http://localhost:8000/en-US/app/<app_name>/<dashboard_name>?showsource=true
(Replace with your Splunk host and port.)
Searches and dashboards
Dashboards are based on searches and reports. The bulk of the work you'll put into building a dashboard will not be about building the UI but will instead be in perfecting your searches to show the parts of your data you're most interested in.
If you specify a saved search in your dashboard, Splunk uses the most recent results from that search. You can set up a search to run on a schedule and your dashboard will use cached results. Use saved searches if you have a lot of long running searches or you expect a lot of people will be using the same dashboard at the same time. If you'd like your dashboards to display results in real time, build a search string directly into the dashboard.
To learn more about using saved searches in dashboards, read the next section: Saved searches and dashboards.
This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 View the Article History for its revisions.