Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Dashboards - Panels within panels

Armyeric
Path Finder
‎08-28-2013 05:59 PM

I am trying to build a master dashboard that will display multiple single alarms. I would like to use a panel to group 2 or 3 similar panels. There are a few comments indicating panel limit or performance issue if you have too many panels, but these are single views (probably about 15 in total). This is mainly for a SOC display so we can see general issues at a glance.

Example:
Panel 1 AD [(AD elevated group modification)(AD expired accounts)(AD account lockout count)]
Panel 2 AirMagnet [(Rouge Accounts detected)(Sensor Count)(Sensor failures)]
Panel 3 AV [(Threats not Remediated)(Threats detected)]
etc., etc., etc...

I have tried using tables in tables, tables in rows...

Thoughts...suggestions...?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rturk
Builder
‎08-28-2013 06:17 PM

Hi Armyeric,

I would recommend having a look at the Splunk Dashboard Examples app to see how this is done (as well as many other things). The only this is you'll have to start dealing with Advanced XML

For example, in the Splunk for Palo Alto Networks app, on the "PAN Overview" page you have multiple elements embedded in a single panel:

alt text
(Never mind that there's no data in there - you get the idea)

Also, if you poke and prod around other apps and see something you like, you can always put:

?showsource=1

...on the end of the URL to see how they implemented it and re-use it for your own needs.

Hope this helps 🙂

References:

View solution in original post

Reply
Solved! Jump to solution

kmattern
Builder
‎08-29-2013 11:21 AM

If you want to use Sideview Utils you can do something like this and output your data n HTML. It's much neater and easier to format the output exactly as you wish. Again, Advanced XML, but it's worth it. 

  <module name="Search" layoutPanel="panel_row1_col1_grp1" group="Page Views by Type for Yesterday" autoRun="True">
  <param name="search">
  sourcetype="solaris" earliest=-1d@d latest=-d /composites/events WebPage!="index.htm*" | stats count(WebPage) as "Events"
| append [search sourcetype="solaris" earliest=-1d@d latest=-d /composites/safety WebPage!="index.htm*" | stats count(WebPage)  as "Safety"]
| append [search sourcetype="solaris" earliest=-1d@d latest=-d /composites/maint WebPage!="index.htm*" | stats count(WebPage)  as "Maintenance"]
| append [search sourcetype="solaris" earliest=-1d@d latest=-d /composites/design WebPage!="index.htm*" | stats count(WebPage)  as "Design"]
</param> 
- <module name="HTML" layoutPanel="panel_row1_col1_grp1">
<parm name="maxRows">11</parm>
- <param name="html">
- <![CDATA[ 
<style type="text/css">
  .dashboardCell .HTML {
    padding:0px;
    margin:0px;
  }
</style>
<h3>Events = $results[0].Events$</h3>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<h3>Safety and Training = $results[1].Safety$</h3>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<h3>Maintenance and Repair = $results[2].Maintenance$</h3>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<h3>Design, Engineering and Fabrication = $results[3].Design$</h3>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  ]]> 
  </param>
  </module>
  </module>
0 Karma
Reply
Solved! Jump to solution

Armyeric
Path Finder
‎09-03-2013 10:25 AM

Thanks kmattern. I am looking in to both items mentioned.

0 Karma
Reply
Solved! Jump to solution
Solution

rturk
Builder
‎08-28-2013 06:17 PM

Hi Armyeric,

I would recommend having a look at the Splunk Dashboard Examples app to see how this is done (as well as many other things). The only this is you'll have to start dealing with Advanced XML

For example, in the Splunk for Palo Alto Networks app, on the "PAN Overview" page you have multiple elements embedded in a single panel:

alt text
(Never mind that there's no data in there - you get the idea)

Also, if you poke and prod around other apps and see something you like, you can always put:

?showsource=1

...on the end of the URL to see how they implemented it and re-use it for your own needs.

Hope this helps 🙂

References:

Reply
Solved! Jump to solution

Armyeric
Path Finder
‎08-29-2013 11:22 AM

Thanks for the info. I am unfortunately stuck on 4.3.1, but your response put me in the right direction. UI_Examples is for 4.3+ users

0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...