Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Heatmap in Dashboard

kmattern
Builder
‎04-30-2010 06:53 PM

I have a data table panel on a dashboard withthe following search:

sourcetype="PubsCounts-too_small" * |fields account received, authorized, Difference |eval Difference= (authorized-received) | chart values(Difference) as Difference by account

It displays well except that I would like to have a heatmap on the difference column. If I view the results, I can use the heatmap to great effect.

How can I use a heatmap in this search on the dashboard? BTW: It is an inline search.

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎05-01-2010 02:02 AM

The simplified XML dashboards dont have this ability - you cant do it from the editing UI that you see, nor from editing the simplified XML source.

However the entire simplified XML is just a shortcut layer to the advanced XML syntax. And in the advanced xml this is relatively easy to do.

Converting from the simplified XML to the advanced XML is briefly discussed on this page http://www.splunk.com/base/Documentation/latest/Developer/AdvancedDashboard

however here are the individual steps spelled out:

  1. load your working (simplified XML) view in the browser
  2. tack ?showsource=1 onto the end of the URL
  3. you'll be in a weird page. scroll down. you'll see a huge textarea field full of XML. Copy it into your clipboard
  4. back to your working view.
  5. Actions > edit dashboard
  6. click the little blue link 'Edit name/xml'.
  7. in the form that loads, paste the big nasty advanced xml in there.

converting from a simplified dashboard brings a bunch of weird cruft into the advanced world, but it'll work fine.

Once its converted, getting your heatmap is simply a matter of: finding this line: 

<module name="SimpleResultsTable">

and inside that module, ie right under that line, put

  <param name="dataOverlayMode">heatmap</param>

View solution in original post

Reply
Solved! Jump to solution

khourihan_splun
Splunk Employee
Splunk Employee
‎05-06-2014 10:54 AM

In Splunk 6.x, you can just edit the dashboard panels and click on the paintbrush icon and select the "heat map" data overlay.

Reply
Solved! Jump to solution

email2vamsi
Explorer
‎04-21-2017 05:31 AM

Are you referring to the paintbrush icon on the Table header? or some other place?

0 Karma
Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎05-01-2010 02:02 AM

The simplified XML dashboards dont have this ability - you cant do it from the editing UI that you see, nor from editing the simplified XML source.

However the entire simplified XML is just a shortcut layer to the advanced XML syntax. And in the advanced xml this is relatively easy to do.

Converting from the simplified XML to the advanced XML is briefly discussed on this page http://www.splunk.com/base/Documentation/latest/Developer/AdvancedDashboard

however here are the individual steps spelled out:

  1. load your working (simplified XML) view in the browser
  2. tack ?showsource=1 onto the end of the URL
  3. you'll be in a weird page. scroll down. you'll see a huge textarea field full of XML. Copy it into your clipboard
  4. back to your working view.
  5. Actions > edit dashboard
  6. click the little blue link 'Edit name/xml'.
  7. in the form that loads, paste the big nasty advanced xml in there.

converting from a simplified dashboard brings a bunch of weird cruft into the advanced world, but it'll work fine.

Once its converted, getting your heatmap is simply a matter of: finding this line: 

<module name="SimpleResultsTable">

and inside that module, ie right under that line, put

  <param name="dataOverlayMode">heatmap</param>
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎05-10-2010 05:05 PM

I see. 😃 Well honestly the path of least resistance is probably to install a copy of 4.1 on your laptop briefly, copy over the simplified XML view, and use its showsource=1 to do the conversion and then copy the result back to your instance.

Reply
Solved! Jump to solution

kmattern
Builder
‎05-10-2010 03:36 PM

Nick,

I'm using 4.0.10 at present and showsource does not give me any XML. What other options do I have to either generate advanced XML or to get the heatmap some other way?

Ken

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...