Dashboards & Visualizations

How do I create a dashboard based on a saved job?

Yarsa
Path Finder

I am building dashboards for the whole company to use, these dashboards consist of at least 10 reports.
Since most users are "normal users" they are permitted to run 3 reports simultaneously.

Our basic solution is to raise the bar to 10 simultaneous reports, but It's not ideal.
Further more we were hoping there was a possibility for the dashboard to run only once (It's a daily dashboard that runs every day for 9AM to 9AM), and from that job every other user wouldn't have to run the dashboard again, instead the user will receive the results from the job of the dashboard. Right now all the reports of the dashboard are based on saved reports but the problem is still there.

**Another more advanced solution would be creating a "pulldown panel" thus instead of having 10 reports I will have 4.

0 Karma
1 Solution

lguinn2
Legend

For each of the 10 searches on the dashboard: edit the search so it runs on a schedule. For example, at 9:05 am, the search runs for the prior 24 hours (9 am - 9 am).

When a dashboard is built on a scheduled search, the dashboard will display the most recent search results rather than running the search each time the dashboard is loaded.

Note that this behavior is automatic if you are using the visual dashboard editor or simple XML to create your dashboards. If you are using Advanced XML to build your dashboards, check out this answer.

Summary indexes are another alternative, but will require a bit more work on your part. I'd start with the scheduled searches and see if that gets you what you want!

View solution in original post

lguinn2
Legend

For each of the 10 searches on the dashboard: edit the search so it runs on a schedule. For example, at 9:05 am, the search runs for the prior 24 hours (9 am - 9 am).

When a dashboard is built on a scheduled search, the dashboard will display the most recent search results rather than running the search each time the dashboard is loaded.

Note that this behavior is automatic if you are using the visual dashboard editor or simple XML to create your dashboards. If you are using Advanced XML to build your dashboards, check out this answer.

Summary indexes are another alternative, but will require a bit more work on your part. I'd start with the scheduled searches and see if that gets you what you want!

Damien_Dallimor
Ultra Champion

Based on your description it seems that scheduled PDF report generation might be well suited to your needs.This could be used in conjunction with summary indexing.

http://docs.splunk.com/Documentation/Splunk/latest/User/ScheduleDeliveryofDashboardPrintoutsviaEmail

0 Karma

jensihnow
Path Finder

Do you checked out summary indexes? You could store the needed data into a summary index. If the report ist called the searches only use the data in the summary index. Thats much faster then searching over the whole index. If you schedule the search for building the report data you got automatically a report a day or something else.
If you has many reports in the summarx index, you could build a search over that index and used it for a selection form!

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...