Build a real-time dashboard
Contents
Build a real-time dashboard
You can build a real-time dashboard using the Splunk Dashboard Editor, coding the dashboard using Simplified XML, or using Splunk's Advanced XML. This topic provides an example of creating a real-time dashboard using Simplified XML.
For information on building a dashboard using Advanced XML, see "How to build a real-time dashboard" in the Advanced Web customization section of this manual.
Enable real-time searching
Use the <earliestTime> and <latestTime> params to enable real-time searching. For example, if you want to enable real-time searching and display the data in a table, specify the following:
<table>
<title>Look here for errors that you need to care about</title>
<searchName>Errors in the last 24 hours</searchName>
<fields>host, source, errorNumber</fields>
<earliestTime>rt</earliestTime>
<latestTime>rt</latestTime>
</table>
You can also set a window for your real-time dashboard. For example, if you want to show real-time events but only from the last 5 minutes.
<table>
<title>Look here for errors that you need to care about</title>
<searchName>Errors in the last 24 hours</searchName>
<fields>host, source, errorNumber</fields>
<earliestTime>rt-5m</earliestTime>
<latestTime>rt</latestTime>
</table>
For more information on setting a search window, see "The real-time search topic" in the User Manual.
This documentation applies to the following versions of Splunk: 4.3 , 4.3.1 , 4.3.2 View the Article History for its revisions.