I use both Splunk and CloudWatch dashboards on a regular basis. One feature that CloudWatch dashboards have which I really miss in Splunk is a shared time cursor across all charts on the dashboard, so that it's easy to say "What was happening in all these different metrics at time X?"
Something like the existing functionality for Charts under Format>Legend>Compare Series that would be active on multiple charts within a dashboard at the same time.
Now, I recognize that Splunk charts are more diverse and so this is probably a non-trivial feature, but it would be very helpful for my workflows. I often need to correlate phenomena from different systems or sourcetypes by time.
EDIT: To clarify, I mean that when I hover my cursor over a point on chart A which occurs at time X, I see a vertical line through the point. A tooltip shows the value of the point. Simultaneously, on other timecharts a vertical line appears at the same time (horizontal position) and a tooltip shows the value of the point on that chart at that time X.
I am making a report containing multiple searches. I'd like all the searches to use the same time range.
The intent is to send a daily PDF of the dashboard. In addition, it is likely that individual users will want to view the dashboard interactively and tweak the time range.
I understand that by adding a time input to the dashboard and referencing the correct tokens in the searches, I can parameterize the time range of the dashboard. But from what I understand, scheduled PDF delivery is not supported for dashboards with forms.
Any way to get the best of both worlds?