Search icon Close icon
Search icon
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Splunk 7 Essentials - Third Edition

You're reading from  Splunk 7 Essentials - Third Edition

Product type Book
Published in Mar 2018
Publisher Packt
ISBN-13 9781788839112
Pages 220 pages
Edition 3rd Edition
Languages
Concepts
Authors (4):
J-P Contreras J-P Contreras
Profile icon J-P Contreras
LinkedIn
J-P Contreras, a Splunk-certified administrator and sales engineer, has delivered value-oriented data analytics and performance planning solutions for 20+ years. He has built award-winning consulting teams to help companies turn data into analytical insights. He helps companies implement Splunk and enjoys everything the Splunk community offers. He received his MBA in e-commerce from DePaul University's Kellstadt Graduate School of Business, Chicago, in 2001. He trains in DePaul's Continuing Education Program and is a member of DePaul's Driehaus School of Business Advisory Board. He'd like to thank his family, especially his wife and children, and close friends for making life so enjoyable.
See other products by J-P Contreras
Steven Koelpin Steven Koelpin
Profile icon Steven Koelpin
LinkedIn
See other products by Steven Koelpin
Erickson Delgado Erickson Delgado
Profile icon Erickson Delgado
LinkedIn
Erickson Delgado is an enterprise architect who loves to mine and analyze data. He began using Splunk in version 4.0 and has pioneered the use of the application in his current work. In the earlier parts of his career, he worked with start-up companies in the Philippines to help build their open source infrastructure. He then worked in the cruise industry as a shipboard IT manager, and he loved it. From there, he was recruited to work at the company's headquarters as a software engineer.
See other products by Erickson Delgado
Betsy Page Sigman Betsy Page Sigman
Profile icon Betsy Page Sigman
LinkedIn
Betsy Page Sigman is a distinguished professor at the McDonough School of Business at Georgetown University in Washington, D.C. She has taught courses in statistics, project management, databases, and electronic commerce for the last 16 years, and has been recognized with awards for teaching and service. She has also worked at George Mason University in the past. Her recent publications include a Harvard Business case study and a Harvard Business review article. Additionally, she is a frequent media commentator on technological issues and big data.
See other products by Betsy Page Sigman
View More author details

Table of Contents (10) Chapters

Preface Splunk – Getting Started Bringing in Data Search Processing Language Reporting, Alerts, and Search Optimization Dynamic Dashboarding Data Models and Pivot HTTP Event Collector Best Practices and Advanced Queries Taking Splunk to the Organization

Dynamic Dashboarding

Splunk makes it easy to visualize many different KPIs or reports in a single view using its dashboard functionality. For users to adopt the dashboard, it must be fast, easy to use, and carefully laid out to answer a variety of common queries. Splunk comes with a wide variety of chart types to visually represent your data, as you've seen in prior exercises in this book. Charts and reports can be organized into a dashboard layout with minimal effort. With practice, you can spin off a dashboard in a fraction of the time it would take if you were writing custom software to accomplish the same task.

In this chapter, we will cover the following topics:

  • Identifying different types of dashboards
  • Gathering business requirements for your dashboard
  • Modifying dashboard panels
  • Building multi-panel, dynamic dashboards showing relevant key performance indicators
...

Creating effective dashboards

Splunk is easy to use for developing a powerful analytical dashboard with multiple panels. A dashboard with too many panels, however, will require scrolling down the page and can cause the viewer to miss crucial information. An effective dashboard should generally meet the following conditions:

  • Single screen view: The dashboard fits in a single window or page, with no scrolling
  • Multiple data points: Charts and visualizations should display a number of data points
  • Crucial information highlighted: The dashboard points out the most important information, using appropriate titles, labels, legends, markers, and conditional formatting as required
  • Created with the user in mind: Data is presented in a way that is meaningful to the user
  • Loads quickly: The dashboard returns results in 10 seconds or less
  • Avoid redundancy: The display does not repeat information...

Types of dashboards

There are three kinds of dashboards typically created with Splunk:

  • Dynamic form-based dashboards
  • Real-time dashboards
  • Dashboards as scheduled reports

Dynamic form-based dashboards allow Splunk users to modify the dashboard data without leaving the page. This is accomplished by adding data-driven input fields (such as time, radio button, textbox, checkbox, dropdown, and so on) to the dashboard. Updating these inputs changes the data based on the selections. Dynamic form-based dashboards have existed in traditional business intelligence tools for decades now, so users who frequently use them will be familiar with changing prompt values on the fly to update the dashboard data.

Real-time dashboards are often kept on a big panel screen for constant viewing, simply because they are so useful. You see these dashboards in data centers, network operations centers...

Form inputs

With the dashboard layout complete, it is time to make it dynamic and interactive. Before jumping into the exercises, however, we'll review the key concepts related to form inputs first.

Just as in any web page, a form input is an element that allows you to select or type in information that will be submitted to the application for processing. There are different form inputs available for Splunk dashboards:

  • Text (key in free-form text)
  • Radio (uses a radio button convention)
  • Dropdown (uses a menu or list to select a single option)
  • Checkbox
  • Multiselect (similar to Dropdown, allowing you to select multiple choices)
  • Link list (this is a horizontal list that contains clickable links)
  • Time

In this list is also the Submit option. This is an action button. If you decide not to autorun the dashboard on change of input selection, the Submit button will execute the dashboard...

Creating a time range input

Let's change our input field into a time range field:

  1. On the list to the left for the first input, select Time.
  2. In the General section, type Select Time Range in the Label space.
  3. Click on the Search on Change checkbox.
  4. Enter time for the Token value.
  5. Set the Default time range to Last 24 hours.
  1. Click Apply when done.
  2. Use the following screenshot as a guide:
  1. Before you save the dashboard changes, click the Autorun dashboard checkbox, as seen in the following screenshot. Then click on Save:

You can now try to change the time range using the time input, but nothing will happen. This is because we have not yet configured the panels to react when the time input has been changed. In these next steps, we are adjusting the searches to consider the token filled by the input selection. Let us do that now:

  1. Go back to Edit to allow for dashboard changes...

Creating a radio input

Now, we are going to create radio inputs with dynamic searches used to drive the input value choices. This will allow users to select server and status types, and will affect the information rendered by the panels:

  1. Click on Edit.
  2. Select Add Input | Radio.
  3. Click on the Edit icon in the newly created input.
  4. In the Label field, type in Select Server:.
  5. Enable Search on Change by checking the checkbox.
  6. In the Token field, type server:
  1. Scroll down to Static Options and click on it. In Static Options, add Name as ALL and Value as *.
  2. Click on Dynamic Options, then fill in Search String, entering the following search command:
SPL> index=main | top server_ip
  1. Update the time range to Last 60 minutes.
  2. In Field For Label, type in server_ip.
  3. In Field For Value, type in server_ip:
  1. Now, scroll back up to Token Options.
  2. For Default, select ALL.
  3. For Initial Value...

Creating a drop-down input

Drop-down inputs function exactly the same as radio inputs. The former is used when the selection is huge and you do not want the list of choices to unnecessarily clutter the entire page. The http_uri field has numerous results, so this makes a dropdown the ideal candidate for input here.

Follow the same procedure as for radio input creation, but make sure you have selected Dropdown instead. Use the following information and screenshots as guides to complete the task:

  1. Click on Edit
  2. Select Add Input | Dropdown
  3. Click the Edit icon for the newly created input
  4. In the Label field, type in Select HTTP URI: to name your new dropdown
  5. As you did when you created a radio button, enable Search on Change by checking the checkbox
  6. In the Token field, type http_uri
  7. For Static Options, type ( Name: ALL, Value: * )
  8. Under Token Options section, in Default, select ALL...

Static real-time dashboard

In this section, we will create a real-time dashboard that will display crucial information based on the data we have. To encourage you, we present a screenshot here and show how it will look when we are done:

Test real-time dashboard with advanced indicators, combo charts, and choropleth charts

Single-value panels with color ranges

In the previous sections, you first created panels by running searches and then saving them as dashboard panels. You then started to modify the visualization in each panel. This is one way to build a dashboard. However, you may first want to see the visualization before adding it to a dashboard. We will use that method in this real-time dashboard exercise:

  1. Let&apos...

Creating a choropleth map

A choropleth map, whose name comes from two Greek words meaning area/region and multitude, is a two-dimensional map where areas are designated by color shades or patterns to indicate the measured strength of a statistical indicator, such as sales per area or crime rates.

We will not cover in detail the mathematical details of how a choropleth is created, but we are fortunate that we can use Splunk to provide this effective visualization tool for us. We will create two choropleth maps to denote bookings by region and traffic by region.

Since we don't have a panel to clone from, we will create this from scratch:

  1. Enter edit mode with the Edit button.
  2. Click on Add Panel.
  3. Select New | Choropleth Map.
  4. Change Time Range to a 1 hour window under the real-time presents.
  5. In Content Title, type in Traffic Choropleth.
  6. Type in this Search String, which includes...

Summary

In this chapter, you delved deeper into dashboard creation. You learned about the different types of dashboards and how to create them. You created a fully functional form-based dashboard that allowed you to change the inputs and affect the dashboard data, by using tokens and assigning them to search panels. Through this process, you also created and modified advanced visualization options. Finally, you learned how to create a real-time dashboard with advanced visualization panels such as Single Value with Trends and choropleth maps.

lock icon The rest of the chapter is locked
arrow left Previous Chapter
Chapter 1 of 10
Next Chapter arrow right
You have been reading a chapter from
Splunk 7 Essentials - Third Edition
Published in: Mar 2018 Publisher: Packt ISBN-13: 9781788839112
© 2018 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime}

Authors (4)

Left arrow icon
Profile icon J-P Contreras
LinkedIn
J-P Contreras, a Splunk-certified administrator and sales engineer, has delivered value-oriented data analytics and performance planning solutions for 20+ years. He has built award-winning consulting teams to help companies turn data into analytical insights. He helps companies implement Splunk and enjoys everything the Splunk community offers. He received his MBA in e-commerce from DePaul University's Kellstadt Graduate School of Business, Chicago, in 2001. He trains in DePaul's Continuing Education Program and is a member of DePaul's Driehaus School of Business Advisory Board. He'd like to thank his family, especially his wife and children, and close friends for making life so enjoyable.
Read more
See other products by J-P Contreras
Profile icon Steven Koelpin
LinkedIn
See other products by Steven Koelpin
Profile icon Erickson Delgado
LinkedIn
Erickson Delgado is an enterprise architect who loves to mine and analyze data. He began using Splunk in version 4.0 and has pioneered the use of the application in his current work. In the earlier parts of his career, he worked with start-up companies in the Philippines to help build their open source infrastructure. He then worked in the cruise industry as a shipboard IT manager, and he loved it. From there, he was recruited to work at the company's headquarters as a software engineer.
See other products by Erickson Delgado
Profile icon Betsy Page Sigman
LinkedIn
Betsy Page Sigman is a distinguished professor at the McDonough School of Business at Georgetown University in Washington, D.C. She has taught courses in statistics, project management, databases, and electronic commerce for the last 16 years, and has been recognized with awards for teaching and service. She has also worked at George Mason University in the past. Her recent publications include a Harvard Business case study and a Harvard Business review article. Additionally, she is a frequent media commentator on technological issues and big data.
Read more
See other products by Betsy Page Sigman
Right arrow icon

Other recommended products

Related to this chapter
Left arrow icon
Splunk 7.x Quick Start Guide
Splunk 7.x Quick Start Guide
Splunk is a leading platform and solution for collecting, searching, and extracting value from ever increasing amounts of big data – and big data is eating the world! This book covers all the crucial Splunk topics and gives you the information and examples to get the immediate job done. You will find enough insights to support further research for using Splunk to suit any business environment or situation.
Nov 2018 9 hours 56 minutes
Splunk Operational Intelligence Cookbook
Splunk Operational Intelligence Cookbook
This book demonstrates the power of Splunk 7.x to offer you quick solutions and strategies to bring efficient operational intelligence in your organization. Implement a wide range of tasks in recipe format to perform operations on machine data. Learn to achieve intelligent data-driven way using machine learning capabilities to explore complex data.
May 2018 18 hours 2 minutes
Mastering Splunk 8
Mastering Splunk 8
This book will cover Splunk's offerings to efficiently capture, index, and correlate data from a searchable repository all in real-time to generate insightful graphs, reports, dashboards, and alerts. Developers and architects alike can be in high demand if they become experts with this tool.
Dec 2020 15 hours 12 minutes
Implementing Splunk 7
Implementing Splunk 7
This book will help you implement Splunk 7's new services and will show you how to utilize them to quickly and efficiently process machine-generated big data. You will explore Splunk Cloud and the Machine Learning Toolkit and use them with ease throughout your organization. By the end of the book, you will have learned to implement these services in your tasks at work.
Mar 2018 19 hours 12 minutes
Big Data Visualization
Big Data Visualization
Uncover new approaches to big data visualization to make your analysis more effective and efficient with Big Data Visualization. Featuring in-depth coverage of big data analysis concepts together with industry-proven techniques, you?ll learn how to approach the challenge of big data visualization with confidence, ease and precision.
Feb 2017 10 hours 8 minutes
Learn Grafana 7.0
Learn Grafana 7.0
This book will focus on Grafana 7.0's features to build interactive dashboards to visualize and monitor data. You will cover the administrative aspects of Grafana and working with various plugins. By the end of this book, you will have enough knowledge to query, visualize, and understand your metrics and use the new improved security features.
Jun 2020 13 hours 40 minutes
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Et al.
Et al.
Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.
Aug 2023 7 hours 40 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Mastering Tableau 2023
Mastering Tableau 2023
This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.
Aug 2023 22 hours 48 minutes
Building AI Applications with ChatGPT APIs
Building AI Applications with ChatGPT APIs
This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.
Sep 2023 8 hours 36 minutes
Building AI Applications with ChatGPT APIs
Building AI Applications with ChatGPT APIs
This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.
Sep 2023 8 hours 36 minutes
Data Engineering with AWS
Data Engineering with AWS
Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.
Oct 2023 21 hours 12 minutes
Modern Data Architecture on AWS
Modern Data Architecture on AWS
Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.
Aug 2023 14 hours 0 minutes
Practical Guide to Applied Conformal Prediction in Python
Practical Guide to Applied Conformal Prediction in Python
Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.
Dec 2023 8 hours 0 minutes
TinyML Cookbook
TinyML Cookbook
With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.
Nov 2023 22 hours 8 minutes
Right arrow icon