Dashboards & Visualizations

How do you create a dashboard with dependencies between assets, like a tree or topology?

jfeitosa_real
Path Finder

Basically, I want to know how you create a dashboard with dependencies between assets, like a tree or topology, something like the one used in the "IT Service Intelligence" app?

I want to do this in a production environment, where there are multiple assets from different contexts that send logs to Splunk (Mainframe, Windows event viewer, Linux, Apache web servers, application servers, switches, routers or firewalls). These Configuration Items (ICs) are dependent on each other, and when an incident occurs in one of these assets, they would be in a dependency tree format, something like a topology, as in the link example.

http://docs.splunk.com/Documentation/VMW/3.4.2/User/ProactiveMonitoring

Thank you very much in advance.

0 Karma
1 Solution

niketn
Legend

@jfeitosa_real following are some of your options:

1) Custom Visualizations (Legacy) has Dendrogram visualization similar to the one shown in ITSI. Since this is a legacy visualization not built on top of Splunk Custom Visualizations API, you should ideally build your own by adoptind Dedrogram logic as per your needs.
2) Network Topology Custom Visualization built by Splunk Works, refer to one of my older answers as to how you can show systems and their dependencies using this Custom Visualization: https://answers.splunk.com/answers/681147/topology-visualization-message-format.html
3) Force Directed App for Splunk built by Splunk Works, which is similar to above custom visualization but provides a simple Force Directed Graph visualization.
3) Afterglow App which can be downloaded for free but is hosted externally.
4) Sankey Diagram Custom Visualizationbuilt by Splunk.
5) Parallel Coordinates Custom Visualization built by Splunk which would be useful if you have data from system passing through 1 or 2 hops.

If you do not find any of the above suitable as per your needs you can definitely build your own Custom Visualization using Splunk Custom Visualization API with the link provided above.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma

niketn
Legend

@jfeitosa_real following are some of your options:

1) Custom Visualizations (Legacy) has Dendrogram visualization similar to the one shown in ITSI. Since this is a legacy visualization not built on top of Splunk Custom Visualizations API, you should ideally build your own by adoptind Dedrogram logic as per your needs.
2) Network Topology Custom Visualization built by Splunk Works, refer to one of my older answers as to how you can show systems and their dependencies using this Custom Visualization: https://answers.splunk.com/answers/681147/topology-visualization-message-format.html
3) Force Directed App for Splunk built by Splunk Works, which is similar to above custom visualization but provides a simple Force Directed Graph visualization.
3) Afterglow App which can be downloaded for free but is hosted externally.
4) Sankey Diagram Custom Visualizationbuilt by Splunk.
5) Parallel Coordinates Custom Visualization built by Splunk which would be useful if you have data from system passing through 1 or 2 hops.

If you do not find any of the above suitable as per your needs you can definitely build your own Custom Visualization using Splunk Custom Visualization API with the link provided above.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

jfeitosa_real
Path Finder

Hi, niketnilay!

Thank you for the informations. I found the Network Topology app cool, but I need something like a topology in PRTG or Nagios, interactively clicking on an asset that has been affected by some incident, graphically displaying other assets that are in the same dependency ...
I think you can use some of the options that you have, but you will need to develop using jquery or another language.

Thanks.

0 Karma

niketn
Legend

@jfeitosa_real Custom Visualization Legacy has Dendrogram, give that a try as well. If it does not work you can definitely choose Splunk Custom Visualization API. The documentation also provides a step by step instructions to create a visualization where you can use JavaScript based Visualization libraries like D3, Canvas, SVG, HighCharts etc to build Dendrogram yourself!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

mstjohn_splunk
Splunk Employee
Splunk Employee

@jfeitosa_real,

Thanks for posting. Could you give us some more context for your question? You have a much better chance of getting your question answered if you provide more information about your issue. Plus, it will help guide future community users who are facing a similar problem.

0 Karma

jfeitosa_real
Path Finder

Hi, mstjohn_splunk.

So let's say in a production environment, where multiple assets from different contexts send logs to Splunk (Mainframe, Windows event viewer, Linux, Apache web servers, application servers, switches, routers or firewalls). These Configuration Items (ICs) are dependent on each other, and when an incident occurs in one of these assets that is shown in a dependency tree format, something like a topology, as in the link example.

http://docs.splunk.com/Documentation/VMW/3.4.2/User/ProactiveMonitoring

Thanks for listening.

0 Karma

mstjohn_splunk
Splunk Employee
Splunk Employee

thanks @jfeitosa_real,

I went ahead and moved your comment up to the question so that it has better visibility.

Good luck with your query!

0 Karma

jfeitosa_real
Path Finder

Thank you very much

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...