Dashboards & Visualizations

Basic dashboards

Loves-to-Learn Lots

Hello guys... We need some help, as always. We are a bunch of noobs in Splunk and we want to create some basic dashboards about the local performance such as disk, CPU, memory... and dashboards about a few of the most important event logs in Windows. Any idea how to start? I've been reading docs, forums, etc., but it looks like since it is too basic no one talks about it lol. Hope you can give me a hand. We are using Splunk Enterprise on a local W10 machine just to get our hands dirty and learn the basics, as you can see.

Thank you again and happy halloween!

0 Karma

Splunk Employee

Hi @adetheodore,


Although this may not necessarily assist in the query-writing aspect of your question, we do provide some example dashboards with the product for Splunk Enterprise 8.2 and higher, in the Examples Hub, which you can find by going to the Dashboard listing page in Search and Reporting and clicking the link at the top. This is a collection of example dashboards for various use cases if you need help in terms of design, organization, and messaging for the dashboard. If you use one of these examples you can likely replace the searches with the correct ones necessary for your use case. Hopefully this can help in some aspects of your situation.

0 Karma

Path Finder

Hi @adetheodore 

In Splunk Enterprise, you can use the "Splunk App for Infrastructure" for Windows Monitoring. 

APP URL: https://splunkbase.splunk.com/app/3975/

Installation Reference: https://docs.splunk.com/Documentation/InfraApp/2.2.4/Install/Install

If you are monitoring the local machine, then the "Monitoring Console" will provide the necessary details about the local machine metrics.

Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.2.2109/Data/MonitorWindowsperformance#Enable_loc...



0 Karma

Loves-to-Learn Lots


The thing is that we're trying to display some dashboards about performance and logs but we don't know how to write a good query for that. We tried to use this app but with no luck.

0 Karma


index=<your index> | table host, source, sourcetype, event_id, message, <type the fields you need here>

This will give you all the info; save this search as a dashboard for Windows event logs and that should do...

Metrics (CPU, mem, disk) is a totally different story and will need more info before a query can be written.




0 Karma
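
The search from the reply above, placed in a Simple XML dashboard; this is an added example, not part of the original thread or Splunk's own sample content. The index name `your_index` is a placeholder, the `event_id` and `message` field names are taken from the reply as posted and depend on how your Windows event log input extracts fields, and the time ranges are assumptions.

```xml
<dashboard>
  <label>Windows Event Logs (example)</label>
  <row>
    <panel>
      <title>Event volume by sourcetype, last 24 hours</title>
      <chart>
        <search>
          <!-- your_index is a placeholder: use the index your inputs write to -->
          <query>index=your_index | timechart span=1h count by sourcetype</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">column</option>
      </chart>
    </panel>
    <panel>
      <title>Most frequent events per host</title>
      <table>
        <search>
          <!-- event_id is the field name used in the reply; rename it if your data differs -->
          <query>index=your_index | stats count by host, event_id | sort - count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Recent events</title>
      <table>
        <search>
          <!-- the table search from the reply, with _time added so rows can be ordered -->
          <query>index=your_index | table _time, host, source, sourcetype, event_id, message</query>
          <earliest>-4h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">20</option>
      </table>
    </panel>
  </row>
</dashboard>
```

Run each query in Search first to confirm which fields your events actually contain, then paste the XML into the source editor of a new classic dashboard.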