Dashboards & Visualizations

How to create an interactive dashboard proper design?

noammeir
Explorer

hi

I have made an interactive dashboard that allow users to filter our data according the main interesting parameters, however it seems to me that I could do better, here are my questions:

1) all the panels in the dashboard use the token from the time range picker. I would like some of the panels (the single values below for example) to re-calculate based on changing the zoom in the time chart above them. how can I implement it?

noammeir_1-1666520612814.png

2) all the panels use the same base search and add on it. for example <base search> | table something, <base search>| get specific single value, etc. how can I save this common base search and use it properly in all the panels?

3) moreover - at the moment, for each panel a new search is being performed, quite a waste... is there a way to optimize it to run once and get the results for each panel from this search?

4) is there an option to add specific "interesting" single value or other data on top of a chart? adding a different panel for each value is annoying, wasting additional searches and in my opinion presents it in a lesser way (GUI-wise)

5) any good way to let users filter out specific anomaly events from the chart? 

 

thanks,

noam

 

Labels (3)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
  1. You can use the selection handler to determine the range selected Event Handler Reference - Splunk Documentation
  2. Split your "base" search so it does the bulk of the work, the post-process the results in the panels
  3. You can use the done handler in your "base" search to set a token based on the $job.sid$ and then use loadjob to load the results rather than using base=
  4. Not sure I understand the requirement here - please expand, perhaps with a more concrete example
  5. Not sure I understand the requirement here - please expand, perhaps with a more concrete example
0 Karma

noammeir
Explorer

thanks for the prompt reply

 

1. tried it, it works but then I cannot zoom in, just select - any way around it?

2. can give a specific example/reference on how to do it?

3. didnt get to it, lets start with #1/2 🙂

4. explanation - I'd imagine it as having some "legend" on the chart itself with certain statistics I choose to show like average/min/max/other instead of adding a new panel just for a single number. not a must, mainly for how it looks and how easy it is for me to build such things in the future.

5.explanation - looking for a way for a user to filter out anomalies so it it will be easier to understand the graph. for example - right click on a point in the chart and select to remove it. for example - if most of the points range 0-100, and there is one at 15000, you cant get anything from the graph without zooming (and I didnt find a way to only zoom on the y axis)

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...