Splunk® Enterprise

Developing Dashboards, Views, and Apps for Splunk Web

Download manual as PDF

Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Step 1: Create a dashboard

There are several ways to create a Splunk dashboard:

  • Use the Splunk Dashboard Editor to interactively create a dashboard (recommended)
  • Use the Splunk Manager to create a dashboard from a new view
  • Use the Splunk Manager to clone an existing dashboard which you can then modify
  • Create a dashboard from an XML file

All three of these options leverage Splunk's Simplified XML. Once you create a dashboard, you can always edit the Simplified XML upon which the dashboard is based.

Dashboard owners and permissions

Splunk dashboards are either private to a user, available to users of an app, or available to all users.

Splunk places private dashboards in the following location:

$SPLUNK_HOME/etc/users/<user>/<app>/local/data/ui/views/<dashboard_name.xml>

Splunk places dashboards available to users of an app (or available to all users) in the following location:

$SPLUNK_HOME/etc/<app>/local/data/ui/views/<dashboard_name.xml>

You can change the read and write permissions to a dashboard for users, based on their Splunk user roles.

Splunk Dashboard Editor

Use the Splunk Dashboard Editor to interactively create and edit dashboards. From the Dashboard Editor you add panels, create and edit searches for each panel, modify the visualizations representing the returned data, and specify permissions for the dashboard.

When using the Dashboard Editor, you do not have to edit any XML code. However, to enhance the dashboard you can always edit the Simplified XML upon which the dashboard is based.

To read more about the Dashboard Editor, see "Create and edit simple dashboards" and "Edit dashboard visualizations", both in the User Manual.

Use Splunk Manager to create a dashboard

You can create a dashboard directly from Splunk Manager.

1. Go to Manager > User interface > Views.

2. Click New and specify the following:

  • Destination app Select an app from the dropdown list of all available apps in your Splunk instance.
  • View name Specify a name for the dashboard. The name you specify becomes a node in the path to the dashboard. Only alphanumeric characters and '-' and '_' can be used.
  • View XML Specify the Simplified XML to create your dashboard. The following is the minimal XML to create a blank dashboard:
<?xml version='1.0' encoding='utf-8'?>
<dashboard>
  <label>Minimal Dashboard</label>
</dashboard>
  • Click Save.

3. (Optional) Modify permissions.

By default, the dashboard you create from Splunk Manager is private. In the Views page of Splunk manager, click Permissions for your dashboard to specify an app (or all apps) for the dashboard and to set permissions for users of the dashboard.

Create a dashboard from an XML file

You can create dashboards directly in an XML file and place the file in the appropriate directory in your Splunk installation. Use Simplified XML as described in this chapter. See "Dashboard owner and permissions" in this manual for the location of source dashboard files.

After copying the dashboard file to the appropriate directory, refresh Splunk as follows:

  • Go to the following URL and click EAI object refresh. Then refresh the app page from which your dashboard is available. The new dashboard then appears from the Dashboard & Views menu.
http://<Splunk Host>:<Splunk User Port>/info

OR

  • Restart Splunk

Splunk's Simplified XML syntax

Splunk's Simplified XML syntax allows you to create basic dashboards. The following sections of this chapter walk you through the steps of developing a dashboard using Simplified XML. However, here are some of the basics of Simplified XML:

  • <dashboard> is the base tag of a dashboard. XML files implementing dashboards are wrapped in these tags.
Use the refresh attribute to set how frequently, in seconds, to refresh the dashboard. For example, <dashboard refresh="30"> sets the refresh rate to 30 seconds.
  • <label> is a child tag of <dashboard>. It specifies the display name of the dashboard.
  • Dashboards present panels in rows, designated by the <row> tag. Each row can contain up to three panels.
  • Each panel is a visualization of data returned by the panel's search. Here are common visualizations for panels:
<event>: Displays a list of events.
<table>: Displays data in a table.
<chart>: Displays returned data in a chart. <option> tags define the type and layout of the chart.
  • Child tags to a panel include:
<searchName>: specifies a saved search.
<searchString>: specifies an inline search specific to that panel.
<title>: Display name for the panel.
<earliestTime>, <latestTime>: specifies the time range for the search.
  • <option> tags to a panel that define the type and properties of the panel visualization. For example:
<option name="charting.chart"></option> defines the type of visualization, such as pie or radialGuage
<option name="count"></option> defines the number of rows to display.


See the Splunk Panel Reference for details on specifying visualizations for panels.

Special characters in XML files

Some characters have special meaning in an XML file and cannot be used literally. You can wrap the text within CDATA tags as illustrated below. The XML parser does not process text within CDATA tags.

<![CDATA[
 <code>"Text within a CDATA tag"</code>
]]>

Or you can escape these characters using HTML entities:

Character HTML Entitiy
"
&quot;
'
&apos;
<
&lt;
>
&gt;
&
&amp;
PREVIOUS
Saved searches and dashboards
  NEXT
Step 2: Add rows

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters