Advanced Splunk
Product type: Book
Published: Jun 2016
ISBN-13: 9781785884351
Edition: 1st Edition
Author
Ashish Kumar Tulsiram Yadav

Ashish Kumar Tulsiram Yadav is a BE in computers and has around four and a half years of experience in software development, data analytics, and information security, and around four years of experience in Splunk application development and administration. He has experience of creating Splunk applications and add-ons, managing Splunk deployments, machine learning using R and Python, and analytics and visualization using various tools, such as Tableau and QlikView. He is currently working with the information security operations team, handling the Splunk Enterprise security and cyber security of the organization. He has worked as a senior software engineer at Larsen & Toubro Technology Services in the telecom consumer electronics and semicon unit providing data analytics on a wide variety of domains, such as mobile devices, telecom infrastructure, embedded devices, Internet of Things (IOT), Machine to Machine (M2M), entertainment devices, and network and storage devices. He has also worked in the area of information, network, and cyber security in his previous organization. He has experience in OMA LWM2M for device management and remote monitoring of IOT and M2M devices and is well versed in big data and the Hadoop ecosystem. He is a passionate ethical hacker, security enthusiast, and Linux expert and has knowledge of Python, R, .NET, HTML5, CSS, and the C language. He is an avid blogger and writes about ethical hacking and cyber security on his blogs in his free time. He is a gadget freak and keeps on writing reviews on various gadgets he owns. He has participated in and has been a winner of hackathons, technical paper presentations, white papers, and so on.

Chapter 7. Advanced Visualization

You already learned how to create and customize basic visualizations in the previous chapter. In this chapter, we will go through the advanced visualizations that can be implemented in Splunk: Sunburst, custom decorations, calendar heatmap, force directed graphs, and more. Many of these visualizations were introduced in Splunk 6.3, the latest version at the time of writing. They are simple enough to read that a non-technical audience can draw useful insight from them and base business decisions on it.

In this chapter, we will cover the following topics:

  • Sunburst sequence

  • Geospatial visualization

  • Punchcard visualization

  • Calendar heatmap

  • Sankey diagram

  • Parallel coordinates

  • Force directed graph

  • Custom chart overlay

  • Custom decorations

Sunburst sequence


Splunk supports various advanced visualizations. In this section, you will learn how a sunburst visualization can be implemented in a Splunk dashboard and what type of data is best shown as a sunburst sequence.

What is a sunburst sequence?

A sunburst sequence chart is sometimes also known as a ring chart or a multilevel pie chart. It displays hierarchical data and its overall distribution in a circular, pie-like visualization: each ring represents one level of the hierarchy, with the innermost ring as the top level. A sunburst with multiple levels shows how each inner ring relates to the rings outside it, and a sunburst over non-hierarchical data looks like a plain doughnut chart. The sunburst sequence is one of the most effective ways to show how each ring is distributed, or broken down, into its contributing constituents.

Example

Let's see how we can implement a sunburst sequence in the Splunk...
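Before building the panel, it helps to see the shape of data a sunburst needs. The following Python is an added example and not code from the book: each record carries its hierarchy levels in order, inner ring first, and every inner slice must equal the sum of the outer slices it breaks into. The firewall alert records, the three levels (source zone, protocol, verdict) and the field names are constructed for this example; in Splunk, `stats count by` over the three fields would give the same leaf table.

```python
from collections import Counter

# Constructed firewall alert records for this example (not the book's dataset):
# each tuple lists the hierarchy levels from the inner ring outwards,
# here source zone -> protocol -> verdict. Names are assumptions.
ALERTS = [
    ("external", "tcp", "blocked"),
    ("external", "tcp", "blocked"),
    ("external", "tcp", "allowed"),
    ("external", "udp", "blocked"),
    ("internal", "tcp", "allowed"),
    ("internal", "tcp", "allowed"),
    ("internal", "icmp", "allowed"),
    ("external", "tcp", "blocked"),
]


def count_paths(records, depth):
    """Count every prefix of each record's path: the totals for each ring.

    The full-length prefixes are what `stats count by level1, level2, level3`
    returns in Splunk; the shorter prefixes are the inner-ring totals.
    """
    totals = Counter()
    for rec in records:
        for n in range(1, depth + 1):
            totals[tuple(rec[:n])] += 1
    return totals


def leaf_table(records, depth):
    """One row per full path plus its count, i.e. the tabular search output
    a sunburst panel is fed."""
    totals = count_paths(records, depth)
    return [path + (n,) for path, n in sorted(totals.items()) if len(path) == depth]


def build_tree(records, depth):
    """Nest the counts into the {name, value, children} structure that
    partition-style (sunburst) layouts consume."""
    totals = count_paths(records, depth)

    def node(prefix):
        value = totals[prefix] if prefix else len(records)
        out = {"name": prefix[-1] if prefix else "root", "value": value}
        children = sorted(p for p in totals
                          if len(p) == len(prefix) + 1 and p[:len(prefix)] == prefix)
        if children:
            out["children"] = [node(c) for c in children]
        return out

    return node(())


def rings_are_consistent(tree):
    """True when every parent's value equals the sum of its children, which
    is what makes the inner and outer rings line up in the chart."""
    children = tree.get("children", [])
    if not children:
        return True
    return (tree["value"] == sum(c["value"] for c in children)
            and all(rings_are_consistent(c) for c in children))
```

The consistency check is the one worth keeping: if a search filters or aggregates each level separately, the inner ring no longer sums to its children and the chart silently misrepresents the breakdown.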

Geospatial visualization


The Splunk visualization list has two visualizations for geographical data on maps. The Maps visualization plots data on the geographical world map. Splunk 6.3 introduced the choropleth visualization, which colors regions by a metric and allows much more customized data mapping, so that patterns in geospatial data can be spotted directly on the map.

Splunk uses a standard definition to describe the boundaries of the colored polygons on a choropleth map. Splunk 6.3 ships with up-to-date country boundaries and the 50 states of the United States by default. The visualization is not limited to these two boundary sets: it also supports the widely used KMZ format for polygon definitions of map boundaries and their data.

Splunk's choropleth visualization supports...

Punchcard visualization


Punchcard visualization is another advanced visualization that can be used to draw insight from data and make informed business decisions. A punchcard chart shows a count for each combination of two time dimensions, for example hour of the day against day of the week, in a single view. It can be used to analyze the power consumption of a location over the week, sales on an e-commerce portal by hour of the day, and so on.

Example

Let's see how punchcard visualization can be implemented on the Splunk dashboard.

Search query

Here is the search query to be run to get the output that will be required for punchcard visualization:

| inputcsv punchcard.csv | eval _time=strptime(Date, "%m/%e/%Y") | eval day=strftime(_time, "%a") | stats count by day, Transaction

The output of the preceding search query in the statistical form will be displayed as shown in the following screenshot:

The preceding tabular data, when shown in punchcard visualization, will appear as shown in the following diagram. The...

Calendar heatmap visualization


Calendar heatmap visualization is derived from the traditional heatmap, with the data plotted on a calendar. It is usually laid out with months as columns and days as rows, and each data point is colored by its value in a different color or shade. A calendar heatmap is a good visualization for time series data that varies across time; in Google's definition of the chart, it shows activity or transactions over a long period, say months or years, and makes activity trends over time easy to see.

Example

Let's now learn what information can be derived from Calendar heatmap visualization, and then, we will look at the implementation of this visualization on the Splunk dashboard.

The data used for this visualization is the test data from the web server. It has the time and count of any failed transaction. The statistical data used to create calendar heatmap is described...
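The punchcard and the calendar heatmap are fed the same kind of input, a count per time bucket, so one added example serves both sections. The Python below is not code from the book: it parses a handful of constructed web server access-log lines (Apache common format; not the book's test data), treats any 4xx/5xx response as a failed transaction (an assumption), and produces the day-of-week by hour table for a punchcard and the zero-filled per-day table for a calendar heatmap, then flags the days that should stand out. In Splunk the equivalent aggregation is `stats count by day, hour` over fields derived with `strftime`, as in the punchcard search above.

```python
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Constructed web server access-log lines (Apache common format); not the
# book's test data. 2 May 2016 is a Monday.
LOG_LINES = """\
10.0.0.5 - - [02/May/2016:09:12:01 +0000] "POST /login HTTP/1.1" 401 512
10.0.0.5 - - [02/May/2016:09:12:04 +0000] "POST /login HTTP/1.1" 401 512
10.0.0.7 - - [02/May/2016:09:40:12 +0000] "GET /index.html HTTP/1.1" 200 2048
10.0.0.5 - - [03/May/2016:23:01:45 +0000] "POST /login HTTP/1.1" 401 512
10.0.0.9 - - [04/May/2016:14:22:10 +0000] "GET /admin HTTP/1.1" 403 128
10.0.0.9 - - [06/May/2016:09:05:33 +0000] "POST /login HTTP/1.1" 200 1024
10.0.0.5 - - [06/May/2016:09:06:00 +0000] "POST /login HTTP/1.1" 401 512
10.0.0.5 - - [06/May/2016:09:06:02 +0000] "POST /login HTTP/1.1" 401 512
10.0.0.5 - - [06/May/2016:09:06:05 +0000] "POST /login HTTP/1.1" 401 512
10.0.0.5 - - [06/May/2016:09:06:07 +0000] "POST /login HTTP/1.1" 401 512
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)
DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")


def parse(lines):
    """Yield one event per well-formed line; lines that do not match are
    skipped, as a Splunk field extraction would leave those fields empty."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        yield {"ip": m.group("ip"), "time": ts, "status": int(m.group("status"))}


def failures(events):
    """A failed transaction here is any 4xx/5xx response (assumption)."""
    return [e for e in events if e["status"] >= 400]


def punchcard(events):
    """Counts keyed by (day of week, hour): the table a punchcard panel plots,
    the same as `eval day=strftime(_time,"%a"), hour=strftime(_time,"%H")
    | stats count by day, hour` in Splunk. Day names come from a fixed table
    rather than the locale so the keys are stable."""
    return Counter((DAYS[e["time"].weekday()], e["time"].hour) for e in events)


def calendar_counts(events):
    """Counts per calendar day, zero-filled across the span, keyed by ISO date.
    Zero-filling matters: a calendar heatmap with missing days reads as
    'no data' rather than 'nothing failed'."""
    by_day = Counter(e["time"].date() for e in events)
    if not by_day:
        return {}
    day, last = min(by_day), max(by_day)
    out = {}
    while day <= last:
        out[day.isoformat()] = by_day.get(day, 0)
        day += timedelta(days=1)
    return out


def outlier_days(cal, k=1.5):
    """Days whose count exceeds mean + k standard deviations: the cells that
    should stand out in the heatmap. k=1.5 is an arbitrary threshold."""
    counts = list(cal.values())
    if len(counts) < 2:
        return []
    mean, sd = statistics.mean(counts), statistics.pstdev(counts)
    return [d for d, c in cal.items() if sd > 0 and c > mean + k * sd]
```

On this sample the punchcard puts four failures in the Friday 09:00 cell and the calendar table flags 2016-05-06, which is what a burst of failed logins against one account looks like in either chart. The zero-filling is the detail most often missed: a `stats count by date` in Splunk returns no row for a quiet day, and a heatmap drawn from that table leaves the cell blank instead of coloring it as zero.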

The Sankey diagram


The Sankey diagram is a special type of visualization that displays flow among systems, many-to-many mappings between groups or sets of groups, or transfers of energy, material, or cost between processes. In a Sankey diagram, the width of each arrow is directly proportional to the quantity of the flow. The things being connected are called nodes and the connections between them are called links. Sankey diagrams are widely used to derive quick insights from a dataset; Google, for example, uses one to show the flow of traffic from one page of a website to others.

The Sankey diagram can be useful to show information such as:

  • Flow of money (money earned and spent)

  • Flow of energy from source to destination

  • Product manufacturing and sale lifecycle

Example

Let's now learn what information and insights can be generated from the Sankey diagram visualization over the data, and then, we will see how we can implement Sankey diagram in the...
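A Sankey panel consumes a three-column table of source, target and value, and a multi-stage flow is just a chain of such links. The Python below is an added example, not code from the book, that builds that table from constructed firewall flow records (source zone, service and verdict, with byte counts as the link width; field names and data are assumptions) and runs the two checks worth doing before the data reaches the panel: that every intermediate node's inflow equals its outflow, and that the flow has no cycles, which Sankey layouts such as the D3 one do not handle.

```python
from collections import Counter, defaultdict

# Constructed firewall flow records for this example (not the book's data):
# each flow passes through three stages, source zone -> service -> verdict,
# and carries a byte count used as the link width. Field names are assumptions.
FLOWS = [
    {"src_zone": "internet", "service": "https", "action": "allowed", "bytes": 5000},
    {"src_zone": "internet", "service": "ssh",   "action": "blocked", "bytes": 300},
    {"src_zone": "internet", "service": "ssh",   "action": "blocked", "bytes": 200},
    {"src_zone": "dmz",      "service": "https", "action": "allowed", "bytes": 1200},
    {"src_zone": "dmz",      "service": "smb",   "action": "blocked", "bytes": 800},
    {"src_zone": "lan",      "service": "smb",   "action": "allowed", "bytes": 4000},
]
STAGES = ("src_zone", "service", "action")


def sankey_links(records, stages, value_field, qualify=False):
    """Collapse records into (source, target, value) links, one per adjacent
    pair of stages: the three-column table a Sankey panel is fed. With
    qualify=True node names are prefixed with their stage so that the same
    value appearing in two columns does not merge into one node."""
    links = Counter()
    for r in records:
        path = [f"{f}:{r[f]}" if qualify else r[f] for f in stages]
        for a, b in zip(path, path[1:]):
            links[(a, b)] += r[value_field]
    return [{"source": a, "target": b, "value": v}
            for (a, b), v in sorted(links.items())]


def unbalanced_nodes(links):
    """Intermediate nodes whose inflow differs from outflow. Links built from
    whole paths always balance; a mismatch means rows were filtered or
    aggregated per stage separately, and the diagram will show gaps."""
    inflow, outflow = Counter(), Counter()
    for l in links:
        outflow[l["source"]] += l["value"]
        inflow[l["target"]] += l["value"]
    return sorted(n for n in set(inflow) & set(outflow) if inflow[n] != outflow[n])


def has_cycle(links):
    """Sankey layouts (the D3 one included) assume a flow with no cycles;
    detect one with a depth-first search before handing data to the panel."""
    adj = defaultdict(list)
    for l in links:
        adj[l["source"]].append(l["target"])
    state = {}  # node -> 1 while on the DFS stack, 2 when finished

    def visit(n):
        state[n] = 1
        for m in adj.get(n, ()):
            s = state.get(m)
            if s == 1 or (s is None and visit(m)):
                return True
        state[n] = 2
        return False

    return any(state.get(n) is None and visit(n) for n in list(adj))
```

In Splunk the same link table comes from `stats sum(bytes) as value by src_zone, service` appended to `stats sum(bytes) as value by service, action`; the balance check catches the case where the two searches were filtered differently.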

Parallel coordinates


Parallel coordinates visualization is a very powerful tool for understanding a multidimensional, multivariate numerical dataset. It works best for datasets with a moderate number of dimensions and up to a few thousand records. Visually, parallel coordinates resemble a time series plot, but the axes do not correspond to points in time: each vertical axis is one variable, and each record is a line crossing every axis.

Parallel coordinates visualization is a very versatile and useful technique to find structures in the given dataset. It can be used to quickly find patterns and the strength of correlation in a mid-sized dataset.

Example

Let's now see what data can be plotted with parallel coordinates visualization and the insights derived from it. Then, we will look at implementing it on the Splunk dashboard.

Search query

The following search query is used for parallel coordinates visualization:

index=_internal sourcetype=splunkd component=Metrics group=pipeline | dedup 2 name, processor | table...

The force directed graph


A force directed graph is a visualization in which the nodes of a graph are positioned in two or three dimensions by simulating forces: nodes repel one another, the edges between them act as springs pulling connected nodes together, and the positions are iterated until the forces settle. There are various algorithms available to implement force directed graphs.

As per Wikipedia, the force directed graph has the following advantages, which is why it is widely used to visualize many types of datasets:

  • Good quality results: For a mid-sized dataset, the force directed graph yields very good results based on criteria such as uniform edge length, vertex distribution, and symmetry

  • Flexibility: Force directed graph gets easily adapted and extended to fulfil aesthetic requirements

  • Simplicity: It is very simple to implement, and important inference and insights can be derived quickly for relatively larger datasets

Example

Now, since we are acquainted with the force directed graph, let's see an example of the force directed graph. Then, later...
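To make the "forces among nodes and edges" concrete, here is an added example in Python, not code from the book or from Splunk's visualization, of one such algorithm: a Fruchterman-Reingold style layout in which every pair of nodes repels, every edge attracts, and the allowed movement per step cools to zero. The host-to-host connection records are constructed (hypothetical host names), shaped as two tightly connected groups joined by a single link, which is the kind of structure a force directed graph makes obvious at a glance.

```python
import math
import random
from itertools import combinations

# Constructed host-to-host connection pairs (hypothetical names, not the
# book's data): two tightly connected groups joined by a single link.
CONNECTIONS = [
    ("ws-01", "ws-02"), ("ws-01", "ws-03"), ("ws-01", "ws-04"),
    ("ws-02", "ws-03"), ("ws-02", "ws-04"), ("ws-03", "ws-04"),
    ("db-01", "db-02"), ("db-01", "db-03"), ("db-01", "db-04"),
    ("db-02", "db-03"), ("db-02", "db-04"), ("db-03", "db-04"),
    ("ws-04", "db-01"),
]


def graph_from_edges(edges):
    """Undirected node and edge lists; self-loops and duplicate directions
    are dropped, as they add nothing to the layout."""
    nodes = sorted({n for e in edges for n in e})
    undirected = {tuple(sorted(e)) for e in edges if e[0] != e[1]}
    return nodes, sorted(undirected)


def force_directed_layout(nodes, edges, width=100.0, height=100.0,
                          iterations=300, seed=0):
    """Fruchterman-Reingold style layout: every pair of nodes repels with
    k^2/d, every edge pulls its ends together with d^2/k, and each node moves
    at most a 'temperature' t per step, which cools linearly to zero."""
    rng = random.Random(seed)
    pos = {n: [rng.uniform(0, width), rng.uniform(0, height)] for n in nodes}
    k = math.sqrt(width * height / len(nodes))  # ideal edge length
    t = width / 10.0
    cool = t / iterations
    for _ in range(iterations):
        disp = {n: [0.0, 0.0] for n in nodes}
        for a, b in combinations(nodes, 2):  # repulsion between all pairs
            dx, dy = pos[a][0] - pos[b][0], pos[a][1] - pos[b][1]
            d = max(math.hypot(dx, dy), 1e-6)
            f = k * k / d
            disp[a][0] += dx / d * f
            disp[a][1] += dy / d * f
            disp[b][0] -= dx / d * f
            disp[b][1] -= dy / d * f
        for a, b in edges:  # attraction along edges
            dx, dy = pos[a][0] - pos[b][0], pos[a][1] - pos[b][1]
            d = max(math.hypot(dx, dy), 1e-6)
            f = d * d / k
            disp[a][0] -= dx / d * f
            disp[a][1] -= dy / d * f
            disp[b][0] += dx / d * f
            disp[b][1] += dy / d * f
        for n in nodes:  # move, capped by temperature and kept in the frame
            dx, dy = disp[n]
            d = max(math.hypot(dx, dy), 1e-6)
            step = min(d, t)
            pos[n][0] = min(width, max(0.0, pos[n][0] + dx / d * step))
            pos[n][1] = min(height, max(0.0, pos[n][1] + dy / d * step))
        t = max(t - cool, 0.0)
    return {n: (x, y) for n, (x, y) in pos.items()}


def mean_distances(pos, edges):
    """(mean distance across edges, mean distance across non-adjacent pairs).
    In a good layout the first is clearly smaller than the second."""
    edge_set = set(edges)
    adj, non = [], []
    for a, b in combinations(sorted(pos), 2):
        d = math.hypot(pos[a][0] - pos[b][0], pos[a][1] - pos[b][1])
        (adj if (a, b) in edge_set else non).append(d)
    return (sum(adj) / len(adj) if adj else 0.0,
            sum(non) / len(non) if non else 0.0)


def degrees(edges):
    """Node degree, the quickest way to spot hubs once the graph is drawn."""
    deg = {}
    for a, b in edges:
        deg[a] = deg.get(a, 0) + 1
        deg[b] = deg.get(b, 0) + 1
    return deg
```

The layout is only as good as the edge list: in Splunk the edges come from a `stats count by src, dst` search, and a self-loop or a duplicate reversed pair (both directions of one conversation) adds a spring that drags the picture without adding information, which is why `graph_from_edges` drops them.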

Custom chart overlay


You have already learned what chart overlay is and how to create it in a previous chapter (Chapter 6, Visualization). Now, we will see how to create custom chart overlay using a D3 extension. Basically, it is an advanced and more customized visualization option of chart overlay.

Example

Let's look at the tabular dataset that we will use to create custom chart overlay. Later, you will learn how to implement it in the Splunk dashboard.

The following screenshot is the subset of the total dataset that we will use to visualize custom chart overlay:

The preceding dataset, which has login failures, login successes, and number of visitors along with time from a web server, will look like the following screenshot when implemented as a D3 custom chart overlay. Hovering the mouse over the chart shows the relevant details for that point; this hover behavior, like the rest of the overlay, is customized in the JavaScript code of the custom chart overlay:

Implementation

The following are the steps to be taken in the...

Custom decorations


You have learned most of the advanced visualizations that we can implement on the Splunk dashboard along with examples. Now, in this section of the chapter, we will look at how custom decoration can be done on Splunk single value visualization to make it aesthetically pleasing and more informative in terms of using signs/symbols, and color combinations.

Example

Let's look at a few examples of custom decorations that can be implemented on single value visualization, which you have already learned in the previous chapter.

The preceding image shows the default Splunk icons that can be used in a single value to depict specific information. These icons can be made dynamic, and depending on the specified condition, the relevant icons will be shown. This example shows decorations using tokens from search results, HTML panels, and some custom CSS. The icons are displayed using the Splunk Icon font.

Let me explain how the preceding customized decorations can be useful. If the single...

Summary


In this chapter, you studied the uses and implementation of various advanced types of visualizations, along with examples. Now, we are aware of basic as well as advanced visualizations.

In the next chapter, you will learn about Dashboard customization to enable the making of advanced and customized dashboards on Splunk.
