- Splunk Answers
- :
- Splunk Platform Products
- :
- Splunk Enterprise
- :
- Help with Dashboard creation
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Help with Dashboard creation
Hi,
I have a raw data as below, with the fields "ID, Date, Level, Logger, Message which needs to be dsiplayed in a dashboard.
index="wireless_retail" source="CPS.cpsLog" Level="ERROR", Logger="Utils.Helpers.LogHelper". Can someone help me with this dashboard creation for this
ID="39090", Date="2024-05-07 14:12:53.313", Thread="4", Level="ERROR", Logger=".Utils.Helpers.LogHelper", Message="UserName: abc Location: Sales Channel: GW_STORE Error in Path: /pap/getcpsinput Raw Url: /pap/getcpsinput User Name: Error: System.Data.Entity.Core.EntityException: An error occurred while starting a transaction on the provider connection. See the inner exception for details. ---> System.Data.SqlClient.SqlException: Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception: The wait operation timed out --- End of inner exception stack trace --- at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParserStateObject.ReadSniError(TdsParserStateObject stateObj, UInt32 error) at System.Data.SqlClient.TdsParserStateObject.ReadSniSyncOverAsync() at System.Data.SqlClient.TdsParserStateObject.TryReadNetworkPacket() at System.Data.SqlClient.TdsParserStateObject.TryPrepareBuffer() at System.Data.SqlClient.TdsParserStateObject.TryReadByte(Byte& value) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The first thing about dashboards is that you should create draw out a design, what data, fields, and what kind of layout, table, chart, timechart, forms etc.
Then create a prototype dashboard based on that and refine it until you have the results.
Why not try and create the dashboards, have a look here there a several examples
https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchTutorial/Createnewdashboard
Even better if you run through this tutorial - by the end of the week you should be able to create some of you own dashboard.
https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/SearchTutorial/WelcometotheSearchTutorial
These are very simple examples of different ways to present your data and put them into a dashboard.
This shows just a table for the fields of interest to you:.
index="wireless_retail" source="CPS.cpsLog"
| fields ID, Date, Level, Logger, Message
| table Date, ID, Level, Message
This shows how many events by Level field
index="wireless_retail" source="CPS.cpsLog"
| fields ID, Date, Level, Logger, Message
| stats count by Level, ID, message
This shows using time period for Level by ID
index="wireless_retail" source="CPS.cpsLog"
| fields ID, _time, Date, Level, Logger, Message
| timechart span=1h count by Level by ID
You can also download this app and use the many great examples here
https://splunkbase.splunk.com/app/1603
.conf24 | Day 0
Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...
Troubleshooting the OpenTelemetry Collector
