Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I create a dashboard with my searches?

rajgowd1
Communicator
‎11-15-2016 10:00 AM

hi,

I have data like below and extracted fields hostname ,logname and data. By using these and existing defaults fields, I'm trying to create a dashboard with good representation.

Mon Nov 14 23:51:31 2016,vm-a1fc-d5f5,/var/log/messages,key,Nov 14 23:23:59 vm-21dd-d4f2 ssh-server-g3: 702 Auth_methods_completed, Username: kal, Auth methods: publickey, Src IP: xxx.xxx.xxx.xxx, Src Port: 53370, Ver: SSH-2.0-OpenSSH_5.8, Session-Id: 70

I used the searches below to create some tables. It would be great if someone help with dashboard searches:

index=pub_cto_luna_hsm | stats list(data) by hostname logname |rename list(data) as Data

index=pub_cto_luna_hsm | chart values(data) by hostname logname
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎11-15-2016 10:23 AM

Hi rajgovd1,
I usually put in my Dashboard a time distribution, For example, by host using timechart

Index=yourindex | timechart count by host

After I insert one or more relevant pie graphs
Index=yourindex | stats count by host
Index=yourindex | stats count by logname

And after a table with all fields
Index=yourindex | table ...

In the top you could insert one filter For each relevant field.

At the end you could use a base search to have a more efficient Dashboard.
If you don't know how to do this, download the Splunk Dashboards Examples App to see how to do all.

Bye.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎11-15-2016 10:23 AM

Hi rajgovd1,
I usually put in my Dashboard a time distribution, For example, by host using timechart

Index=yourindex | timechart count by host

After I insert one or more relevant pie graphs
Index=yourindex | stats count by host
Index=yourindex | stats count by logname

And after a table with all fields
Index=yourindex | table ...

In the top you could insert one filter For each relevant field.

At the end you could use a base search to have a more efficient Dashboard.
If you don't know how to do this, download the Splunk Dashboards Examples App to see how to do all.

Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...