Re: Can I dynamically add charts to a dashboard?

Ancillas · ‎10-03-2013

I have a search that I'm using to display timeseries data on the uptime of webservers. Unfortunately, squishing all of the hosts into a single chart makes it hard to see. I'd prefer to have a panel for each individual host, but I don't want to update the panel everytime I add or remove a host.

Here's what I'm using now.

source="status.log" | replace up with 1 in status | replace down with 0 in status | timechart span=1m first(status) by host

Is there a way to do something like

source="status.log" host="$host" | replace up with 1 in status | replace down with 0 in status | timechart span=1m first(status)

and then pass in an array of hosts to use in place of $host so that I got a chart for each host?

yannK · ‎10-03-2013

or save the list of hosts in a lookup and call back the lookup in your subsearch.

Or if you want to do a form with the list of the host in a dropdown, read the dashboard editing options.
see http://docs.splunk.com/Documentation/Splunk/latest/Viz/Buildandeditforms

Can I dynamically add charts to a dashboard?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation