Dashboard example
Contents
Dashboard example
This dashboard example contains several rows illustrating various panels you can create with SimplifiedXML.
- Note: Because this dashboard illustrates grouping of panels, you cannot edit this dashboard in the Splunk Dashboard Editor.
First row
- HTML panel Displays a basic message and lists a few links to saved searches.
- Table panel Displays high CPU usage in the past hour, specifying 10 rows of data, no row numbers, and overlaying a heat map to highlight high values.
- Event panel Displays results of a saved search as a listing of events. Displays 5 rows of results at a time, and wrapping of events is off.
<dashboard>
<label>Dashboard example</label>
<row>
<html>
<p>This is an <i><b>HTML panel</b></i> providing links to saved searches.</p>
<ul>
<li><a href = "@go?s=Errors in the last 24 hours">Errors in the last 24 hours</a></li>
<li><a href = "@go?s=My second search">Errors in the last hour</a></li>
<li><a href = "@go?s=My second search">Splunk errors last 24 hours</a></li>
</ul>
</html>
<table>
<title>High CPU processors in the last hour</title>
<searchString>
index="_internal" source="*metrics.log" group="pipeline"
| chart sum(cpu_seconds) over processor
| sort -sum(cpu_seconds) | rename sum(cpu_seconds) as "Total CPU Seconds"
</searchString>
<earliestTime>-60m</earliestTime>
<latestTime>now</latestTime>
<option name="count">10</option>
<option name="dataOverlayMode">heatmap</option>
<option name="displayRowNumbers">false</option>
<option name="showPager">true</option>
</table>
<event>
<searchName>Errors in the last 24 hours</searchName>
<title>Errors in the last 24 hours</title>
<option name="count">5</option>
<option name="displayRowNumbers">true</option>
<option name="maxLines">10</option>
<option name="segmentation">outer</option>
<option name="softWrap">false</option>
</event>
</row>
. . .
Second row
- Column chart panel Displays a chart as stacked columns, providing labels for the X and Y axes. The inline search is derived from a version of the Splunk tutorial.
- Pie chart panel Displays the same search as the column chart panel, but as a pie chart.
. . .
<row>
<chart>
<searchString>
sourcetype=access_* method=GET | timechart count by categoryId
| fields _time BOUQUETS FLOWERS
</searchString>
<title>Views by product category, past week (Stacked)</title>
<earliestTime>-7d</earliestTime>
<latestTime>now</latestTime>
<option name="charting.axisTitleX.text">Views</option>
<option name="charting.axisTitleY.text">Date</option>
<option name="charting.chart">column</option>
<option name="charting.primaryAxisTitle.text"></option>
<option name="charting.secondaryAxisTitle.text"></option>
<option name="count">10</option>
<option name="displayRowNumbers">true</option>
</chart>
<chart>
<searchString>
sourcetype=access_* method=GET | timechart count by categoryId
| fields _time BOUQUETS FLOWERS
</searchString>
<title>Views by product category, past week (Pie Chart)</title>
<earliestTime>-7d</earliestTime>
<latestTime>now</latestTime>
<option name="charting.chart">pie</option>
<option name="count">10</option>
<option name="displayRowNumbers">true</option>
</chart>
</row>
. . .
Third row
This row illustrates various ways to display single values, and provides an example of a panel grouping.
- Radial gauge panel Displays a radial gauge for an inline search checking all Splunk server log events.
- Single value button grouped with a marker gauge chart panel Uses the same search as the radial gauge. Note that specifying colors for a single value differs from the gauge charts.
. . .
<row grouping="1,2" >
<chart>
<searchString>
index=_internal source="*splunkd.log" ( log_level=ERROR OR log_level=WARN*
OR log_level=FATAL OR log_level=CRITICAL) | stats count as log_events
</searchString>
<title>Splunk server log events (Radial Gauge)</title>
<earliestTime>-1d</earliestTime>
<latestTime>now</latestTime>
<option name="charting.chart">radialGauge</option>
<option name="charting.chart.rangeValues">[0,100,300,500]</option>
<option name="charting.gaugeColors">[0x84e900,0xffe800,0xbf3030]</option>
</chart>
<single>
<searchString>
index=_internal source="*splunkd.log" ( log_level=ERROR OR log_level=WARN*
OR log_level=FATAL OR log_level=CRITICAL) | stats count as log_events
| rangemap field=log_events low=1-100 elevated=101-300 default=severe
</searchString>
<title>Log events</title>
<earliestTime>-1d</earliestTime>
<latestTime>now</latestTime>
<option name="classField">range</option>
<option name="afterLabel">total logging events</option>
<option name="beforeLabel">Found</option>
</single>
<chart>
<searchString>
index=_internal source="*splunkd.log" ( log_level=ERROR OR log_level=WARN*
OR log_level=FATAL OR log_level=CRITICAL) | stats count as log_events
</searchString>
<title>Splunk server log events</title>
<earliestTime>-1d</earliestTime>
<latestTime>now</latestTime>
<option name="charting.chart">markerGauge</option>
<option name="charting.chart.rangeValues">[0,100,300,500]</option>
<option name="charting.gaugeColors">[0x84e900,0xffe800,0xbf3030]</option>
</chart>
</row>
</dashboard>
This documentation applies to the following versions of Splunk: 4.3 , 4.3.1 , 4.3.2 View the Article History for its revisions.