Can I dynamically add charts to a dashboard?

Ancillas · ‎10-03-2013

I have a search that I'm using to display timeseries data on the uptime of webservers. Unfortunately, squishing all of the hosts into a single chart makes it hard to see. I'd prefer to have a panel for each individual host, but I don't want to update the panel everytime I add or remove a host.

Here's what I'm using now.

source="status.log" | replace up with 1 in status | replace down with 0 in status | timechart span=1m first(status) by host

Is there a way to do something like

source="status.log" host="$host" | replace up with 1 in status | replace down with 0 in status | timechart span=1m first(status)

and then pass in an array of hosts to use in place of $host so that I got a chart for each host?

yannK · ‎10-03-2013

or save the list of hosts in a lookup and call back the lookup in your subsearch.

Or if you want to do a form with the list of the host in a dropdown, read the dashboard editing options.
see http://docs.splunk.com/Documentation/Splunk/latest/Viz/Buildandeditforms

Can I dynamically add charts to a dashboard?

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Join the Conversation

Can I dynamically add charts to a dashboard?

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events