How do you create a dashboard with dependencies between assets, like a tree or topology?

jfeitosa_real
Path Finder

Basically, I want to know how you create a dashboard with dependencies between assets, like a tree or topology, something like the one used in the "IT Service Intelligence" app?

I want to do this in a production environment, where there are multiple assets from different contexts that send logs to Splunk (Mainframe, Windows event viewer, Linux, Apache web servers, application servers, switches, routers or firewalls). These Configuration Items (ICs) are dependent on each other, and when an incident occurs in one of these assets, they would be in a dependency tree format, something like a topology, as in the link example.

http://docs.splunk.com/Documentation/VMW/3.4.2/User/ProactiveMonitoring

Thank you very much in advance.

0 Karma
1 Solution

@jfeitosa_real following are some of your options:

1) Custom Visualizations (Legacy) has Dendrogram visualization similar to the one shown in ITSI. Since this is a legacy visualization not built on top of Splunk Custom Visualizations API, you should ideally build your own by adopting Dendrogram logic as per your needs.
2) Network Topology Custom Visualization built by Splunk Works, refer to one of my older answers as to how you can show systems and their dependencies using this Custom Visualization: https://answers.splunk.com/answers/681147/topology-visualization-message-format.html
3) Force Directed App for Splunk built by Splunk Works, which is similar to above custom visualization but provides a simple Force Directed Graph visualization.
4) Afterglow App which can be downloaded for free but is hosted externally.
5) Sankey Diagram Custom Visualization built by Splunk.
6) Parallel Coordinates Custom Visualization built by Splunk which would be useful if you have data from system passing through 1 or 2 hops.

If you do not find any of the above suitable as per your needs you can definitely build your own Custom Visualization using Splunk Custom Visualization API with the link provided above.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

0 Karma

jfeitosa_real
Path Finder

Hi, niketnilay!

Thank you for the information. I found the Network Topology app cool, but I need something like a topology in PRTG or Nagios, interactively clicking on an asset that has been affected by some incident, graphically displaying other assets that are in the same dependency ...
I think you can use some of the options that you have, but you will need to develop using jQuery or another language.

Thanks.

0 Karma

@jfeitosa_real Custom Visualization Legacy has Dendrogram, give that a try as well. If it does not work you can definitely choose Splunk Custom Visualization API. The documentation also provides step-by-step instructions to create a visualization where you can use JavaScript-based visualization libraries like D3, Canvas, SVG, HighCharts etc. to build the Dendrogram yourself!

0 Karma

mstjohn_splunk
Splunk Employee

@jfeitosa_real,

Thanks for posting. Could you give us some more context for your question? You have a much better chance of getting your question answered if you provide more information about your issue. Plus, it will help guide future community users who are facing a similar problem.

0 Karma

jfeitosa_real
Path Finder

Hi, mstjohn_splunk.

So let's say in a production environment, where multiple assets from different contexts send logs to Splunk (Mainframe, Windows event viewer, Linux, Apache web servers, application servers, switches, routers or firewalls). These Configuration Items (ICs) are dependent on each other, and when an incident occurs in one of these assets that is shown in a dependency tree format, something like a topology, as in the link example.

http://docs.splunk.com/Documentation/VMW/3.4.2/User/ProactiveMonitoring

Thanks for listening.

0 Karma

mstjohn_splunk
Splunk Employee

Thanks @jfeitosa_real,

I went ahead and moved your comment up to the question so that it has better visibility.

Good luck with your query!

0 Karma

jfeitosa_real
Path Finder

Thank you very much

0 Karma