Hello! We are excited to kick off a new series of blogs from SplunkTrust member ITWhisperer, who demonstrates how to build a dashboard for analyzing the web logs from the Splunk Enterprise Search Tutorial dataset.
This series assumes you have already completed that tutorial, as it uses the same dataset that you will have already downloaded and ingested into Splunk. If you have not, please go to the Tutorial and complete it (or at least download and ingest the dataset).
Further Dashboarding Techniques
This is a series of blogs demonstrating how to build a dashboard for analysing the web logs from the Splunk Enterprise Search Tutorial dataset, and starts from where the tutorial left off.
Access Log Analysis Dashboard
In this section, you will create a new dashboard to assist in further analysis of the access log data.
Save a search as a Dashboard panel
- Start a new search
- Change the time range to All time
- Run the following search
sourcetype=access_combined_wcookie
The following image shows the results of the search. You can see events which include fields such as client ip address, request time, method, uri, and status. These are already extracted as part of the "access_combined_wcookie" sourcetype.
- Modify the search to count the status responses by time buckets, for example, hourly status volumes
sourcetype=access_combined_wcookie
| timechart span=1h count by status
The following image shows some of the hourly counts by status from the events access log.
- Click the Visualization tab
- Change the chart to Column Chart (if it is not already selected)
This screen image shows a column chart of the hourly counts by status from the events access log.
- Click the Format tab
- Change the Stack Mode to stacked
This screen image shows stacked column format option.
- Still within the Format tab, change the Chart Overlay to overlay the 200 field. The 200 status represents successful requests.
This screen image shows chart overlay format option.
This gives you a chart showing the hourly status counts with the successful requests (status = 200) as a line graph:This screen image shows hourly status chart with overlay.
- Click Save As and select Dashboard Panel.
- Define a new dashboard and dashboard panel.
- For Dashboard, click New.
- For Dashboard Title, type Buttercup Games - Requests
- The Dashboard ID field displays buttercup_games_-_requests.
- For Dashboard Description, type Buttercup Games Requests Analysis.
- For How do you want to build your dashboard?, click on Classic Dashboards.
- For Panel Title, type Hourly Status Volumes
- For Panel Content, keep the setting for Column Chart.
This screen image shows options for saving the hourly status chart to a new dashboard.
- Click Save to Dashboard.
- In the confirmation dialog box, click View Dashboard.
This screen image shows the hourly status volumes in a new dashboard.
We'll continue with next steps in part 2, where you will look at an alternative way to visualize the data.
