Dashboards & Visualizations

Basic dashboards

Loves-to-Learn Lots

Hello guys... We need some help, as always. We are a bunch of noobs in Splunk and we want to create some basic dashboards about local performance such as disk, CPU, memory... and dashboards about a few of the most important event logs in Windows. Any idea how to start? I've been reading docs, forums, etc. but it looks like since it is too basic no one talks about it lol. Hope you can give me a hand. We are using Splunk Enterprise on a local W10 machine just to get our hands dirty and learn the basics, as you can see.

Thank you again and happy halloween!

0 Karma

Splunk Employee

Hi @adetheodore,

Although this may not assist necessarily in the query-writing aspect of your question, we do provide some example dashboards with the product for Splunk Enterprise 8.2 and higher, in the Examples Hub, which you can find by going to the Dashboard listing page in Search and Reporting and clicking the link at the top. This is a collection of example dashboards for various use cases if you need help in terms of design, organization, and messaging for the dashboard. If you use one of these examples you can likely replace the searches with the correct ones necessary for your use case. Hopefully this can help in some aspects of your situation.

0 Karma

Path Finder

Hi @adetheodore 

In Splunk Enterprise, you can use the "Splunk App for Infrastructure" for Windows Monitoring. 

APP URL: https://splunkbase.splunk.com/app/3975/

Installation Reference: https://docs.splunk.com/Documentation/InfraApp/2.2.4/Install/Install

If you are monitoring the local machine, then the "Monitoring Console" will provide the necessary details about the local machine metrics.

Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.2.2109/Data/MonitorWindowsperformance#Enable_loc...



0 Karma

Loves-to-Learn Lots


The thing is that we're trying to display some dashboards about performance and logs but we don't know how to write a good query for that. We tried to use this app but with no luck.

0 Karma


index=your_index | table host, source, sourcetype, event_id, message, (type the fields you need here)

This will give you all the info. Save this search as a dashboard for Windows event logs and that should do...

Metrics (CPU, mem, disk) is a totally different story and will need more info before a query can be written.




0 Karma
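The table search suggested in the last reply, saved as a two-panel Simple XML dashboard. This is an added example, not part of the original thread. It assumes the events were collected with the built-in Windows event log input (so `source` starts with `WinEventLog:`) and that the `EventCode` and `Message` fields are extracted; `your_index` is a placeholder, and the field names should be swapped for whatever your data actually contains (the reply above uses `event_id` and `message`).

```xml
<!-- Added example. Assumptions: index name "your_index" is a placeholder;
     events come from the Windows event log input (source="WinEventLog:...");
     EventCode and Message are the extracted field names in your data. -->
<dashboard>
  <label>Windows Event Logs (example)</label>
  <row>
    <panel>
      <title>Top 10 event codes, last 24 hours</title>
      <chart>
        <search>
          <!-- Count events per event code to see what dominates the logs -->
          <query>index=your_index source="WinEventLog:*" | stats count by EventCode | sort - count | head 10</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">bar</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>Event volume by log source over time</title>
      <chart>
        <search>
          <!-- One series per log (Application, Security, System, ...) -->
          <query>index=your_index source="WinEventLog:*" | timechart span=1h count by source</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">line</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>Most recent events</title>
      <table>
        <search>
          <!-- The table search from the reply, with a time column added -->
          <query>index=your_index source="WinEventLog:*" | table _time, host, source, sourcetype, EventCode, Message | head 100</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">20</option>
      </table>
    </panel>
  </row>
</dashboard>
```

To try it, create a new classic dashboard, open its source editor, and paste the XML in place of the generated skeleton.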