Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Dashboards - Panels within panels

Armyeric
Path Finder
‎08-28-2013 05:59 PM

I am trying to build a master dashboard that will display multiple single alarms. I would like to use a panel to group 2 or 3 similar panels. There are a few comments indicating panel limit or performance issue if you have too many panels, but these are single views (probably about 15 in total). This is mainly for a SOC display so we can see general issues at a glance.

Example:
Panel 1 AD [(AD elevated group modification)(AD expired accounts)(AD account lockout count)]
Panel 2 AirMagnet [(Rouge Accounts detected)(Sensor Count)(Sensor failures)]
Panel 3 AV [(Threats not Remediated)(Threats detected)]
etc., etc., etc...

I have tried using tables in tables, tables in rows...

Thoughts...suggestions...?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rturk
Builder
‎08-28-2013 06:17 PM

Hi Armyeric,

I would recommend having a look at the Splunk Dashboard Examples app to see how this is done (as well as many other things). The only this is you'll have to start dealing with Advanced XML

For example, in the Splunk for Palo Alto Networks app, on the "PAN Overview" page you have multiple elements embedded in a single panel:

alt text
(Never mind that there's no data in there - you get the idea)

Also, if you poke and prod around other apps and see something you like, you can always put:

?showsource=1

...on the end of the URL to see how they implemented it and re-use it for your own needs.

Hope this helps 🙂

References:

View solution in original post

Reply
Solved! Jump to solution

kmattern
Builder
‎08-29-2013 11:21 AM

If you want to use Sideview Utils you can do something like this and output your data n HTML. It's much neater and easier to format the output exactly as you wish. Again, Advanced XML, but it's worth it. 

  <module name="Search" layoutPanel="panel_row1_col1_grp1" group="Page Views by Type for Yesterday" autoRun="True">
  <param name="search">
  sourcetype="solaris" earliest=-1d@d latest=-d /composites/events WebPage!="index.htm*" | stats count(WebPage) as "Events"
| append [search sourcetype="solaris" earliest=-1d@d latest=-d /composites/safety WebPage!="index.htm*" | stats count(WebPage)  as "Safety"]
| append [search sourcetype="solaris" earliest=-1d@d latest=-d /composites/maint WebPage!="index.htm*" | stats count(WebPage)  as "Maintenance"]
| append [search sourcetype="solaris" earliest=-1d@d latest=-d /composites/design WebPage!="index.htm*" | stats count(WebPage)  as "Design"]
</param> 
- <module name="HTML" layoutPanel="panel_row1_col1_grp1">
<parm name="maxRows">11</parm>
- <param name="html">
- <![CDATA[ 
<style type="text/css">
  .dashboardCell .HTML {
    padding:0px;
    margin:0px;
  }
</style>
<h3>Events = $results[0].Events$</h3>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<h3>Safety and Training = $results[1].Safety$</h3>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<h3>Maintenance and Repair = $results[2].Maintenance$</h3>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<h3>Design, Engineering and Fabrication = $results[3].Design$</h3>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  ]]> 
  </param>
  </module>
  </module>
0 Karma
Reply
Solved! Jump to solution

Armyeric
Path Finder
‎09-03-2013 10:25 AM

Thanks kmattern. I am looking in to both items mentioned.

0 Karma
Reply
Solved! Jump to solution
Solution

rturk
Builder
‎08-28-2013 06:17 PM

Hi Armyeric,

I would recommend having a look at the Splunk Dashboard Examples app to see how this is done (as well as many other things). The only this is you'll have to start dealing with Advanced XML

For example, in the Splunk for Palo Alto Networks app, on the "PAN Overview" page you have multiple elements embedded in a single panel:

alt text
(Never mind that there's no data in there - you get the idea)

Also, if you poke and prod around other apps and see something you like, you can always put:

?showsource=1

...on the end of the URL to see how they implemented it and re-use it for your own needs.

Hope this helps 🙂

References:

Reply
Solved! Jump to solution

Armyeric
Path Finder
‎08-29-2013 11:22 AM

Thanks for the info. I am unfortunately stuck on 4.3.1, but your response put me in the right direction. UI_Examples is for 4.3+ users

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...