Splunk® Enterprise

Analytics Workspace

Splunk Enterprise version 9.0 will no longer be supported as of June 14, 2024. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Creating a dashboard in the Analytics Workspace

Your team runs the online store for buttercupgames.com. This website sells games online and tracks system metrics and logs from its online credit card payment service.

To get the most insight from your metrics, you want to set up a dashboard to monitor this data in real-time.

You have the following metrics:

  • Number of transactions over time
  • Overall revenue over time
  • Number of errors for the store and payment service

View each of your metrics as time series in the Analytics Workspace. Then save the charts to a dashboard in the Analytics Workspace.

  1. View number of transactions over time
  2. View overall revenue over time
  3. View number of errors for the store and payment service
  4. Save the workspace to a dashboard

View number of transactions over time

  1. In the Data panel, search or browse for the posted_payments dataset. This dataset contains the payment logs from your credit card payment provider.
  2. Select the transaction_id field to create a chart.
  3. In the Analysis panel, select the Count aggregation. Note that because the transaction_id dataset field is a string, the only available aggregations are Count and Distinct count.
This screen image shows a chart of transaction IDs for posted payments.

View overall revenue over time

  1. In the Data panel, select the amount field from the posted_payments dataset. This creates a chart of your revenue.
  2. In the Analysis panel, change the aggregation to Sum. The chart updates to show your aggregated total revenue over time.
This screen image shows a chart of amounts for posted payments.

View number of errors for the store and payment service

  1. In the Data panel, search for err. The data hierarchy filters to include only data sources with names that contain err.
  2. Select the err_count metric to create a chart.
  3. In the Analysis panel, under Split By, select the page dimension. This splits the chart to show errors by page.
  4. Under Filters, click + Add New Filter. Select the page dimension. Then select the home, purchase, and review pages. The chart shows errors from these three pages.
This screen image shows a chart of error count by page.

Save the workspace to a dashboard

  1. From the global actions bar, click the ellipsis (This screen image shows the More icon.) icon and select Save to Dashboard (XML).
  2. Enter the dashboard details. Leave the Add interactive time control option selected, so that you can adjust the time range later.
  3. Click Save.
This screen image shows the Save All to Dashboard dialog.

Summary

You now have a dashboard that monitors the number of transactions over time, overall revenue over time, and the number of store and payment service errors. To view your dashboard, click the Dashboard tab on the Search & Reporting bar. Then select the dashboard from the list.

For more information about dashboards in the Splunk platform, see the Dashboard overview in the Dashboards and Visualizations Manual.

For more information about dashboards in the Analytics Workspace, see Dashboards in the Analytics Workspace.

Last modified on 29 July, 2020
Analyzing data in the Analytics Workspace   Troubleshoot the Analytics Workspace

This documentation applies to the following versions of Splunk® Enterprise: 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters