Splunk default dashboards
Splunk comes packaged with a set of useful dashboards. They are handy for troubleshooting your system and searches and could also help you come up with some ideas of how you might want to design some dashboards and views of your own.
You can find the following dashboards by clicking Activity > System Activity in the user bar near the top of the page.
Note: These dashboards are only visible to users with Admin role permissions. For more information about users and roles, see the "Add and manage users" section in Securing Splunk. For more information about setting up permissions for dashboards, see the Knowledge Manager manual.
- Search activity - This dashboard collection provides at-a-glance info about search activity for your Splunk instance. You can find out when searches are running, the amount of load they're putting on the system, which searches are the most popular, which search views and dashboards are getting the most usage, and more. The following dashboards are provided:
- Search activity overview
- Search details
- Search user activity
- Server activity - This collection of dashboards provides metrics related to splunkd and Splunk Web performance and is handy for troubleshooting. You'll find the numbers of errors reported, lists of the most recent errors, lists of timestamping issues and unhandled exceptions, a chart displaying recent browser usage, and more. The following dashboards are provided:
- Splunk browser usage and exceptions
- Internal messages and errors
- License usage
- Scheduler activity - This collection of dashboards gives you insight into the work of the search scheduler, which ensures that both ad hoc and scheduled searches are run in a timely manner.
- Scheduler activity overview
- Scheduler activity by user or app
- Scheduler activity by saved search
- Scheduler errors
- PDF activity
The Summary Dashboard
The Summary dashboard is the first thing you see as you enter the Search app. It provides a search bar and time range picker which you can use to input and run your initial search.
When you add an input to Splunk, that input gets added relative to the app you're in. Some apps, like the *nix and Windows apps, write input data to a specific index (in the case of *nix and Windows, that is the os index). If you review the summary dashboard and you don't see data that you're certain is in Splunk, be sure that you're looking at the right index.
You may want to add the index that an app uses to the list of default indexes for the role you're using. For more information about roles, refer to this topic about roles in Securing Splunk.For more information about Summary Dashboards, see the Search Tutorial.
Meet Splunk Web
Customize Splunk Web banner messages
This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14