SPLK-1003 Splunk Enterprise Certified Admin – Splunk Inbuilt & Advanced Visualizations Part 5

  1. Out Of The Box Dashboards Examples

To learn more about visualization in Splunk, we need to know which dashboards are available and how out-of-the-box visualizations can be accommodated inside Splunk. For that we have an app called Splunk Dashboard Examples, which contains a lot of inbuilt visualizations and their queries. In our lab we will see how you can customize these inbuilt visualizations into much more complex ones. We have installed this app, and as part of this discussion we’ll go through all the visualizations and how to include our own custom JavaScript and CSS in them. We can also choose any of the visualizations that are already present and use them in our dashboards. So let us go into our lab. This is one of the search heads where we have installed the Dashboard Examples app. Let’s get inside the app.

This Dashboard Examples app will also be part of your lab exercise. It is installed automatically when you get access, so that you can explore more visualizations, rerun the search queries, create your own by uploading your data, and explore more in our lab environment, which is built on top of Amazon AWS. This is the Splunk Dashboard Examples app that we have installed on our search head. Here are some of the basic elements: the chart element, table element, single values, map elements, the event viewer (to see the raw events), and we can create our own HTML source. Let us see these dashboards one by one so that we can then move on to the charting elements. We got a slight warning saying we have exceeded concurrent searches, but it’s okay, it should be able to load.

These are some of the chart elements that are available as part of the dashboard examples. If you want to view the source, click on Search and you’ll be able to see the search query that populates this visualization. You’ll always find a short description and the XML content of the dashboard as well.

So this is actually a good starting point for understanding visualization and what the possibilities are. In Splunk we will see some more of them: the table, which displays a table of results, and how a single value can be visualized. As we can see, there is a small text on top, and below it there is an arrow mark or a small trend line running below your chart. A lot of information can be indicated as part of your visualizations. All of this is possible; it’s a matter of customization. These are some of the map elements, where you can customize the theme and how it should look, and these are the default visualization which are available as part. If you know a bit of CSS, you can create your own CSS to fill in these colors. These are some of the event viewer examples: you can display events as raw events, that is, exactly as in your log without any added value.

Or you can display them as tabulated values, showing what each value in your logs contains. And you can create your own text displays using HTML code. All you have to do is edit an HTML element, that is, the HTML tag, and input whatever text you want to display on the dashboard; it will be displayed as instructions or documentation. So these are some of the examples. If you go to the charting elements, there are a lot more options, where you can see stacked charts, line charts, and this new trellis visualization layout. This is part of version six only; in the previous versions it was not available. We have seen some gauges previously. Chart color options: we covered how to change the colors of a chart in a previous video, where we went through the option tags. One of the options is the color element, which sets the colors of the chart. These are some more table examples. These are actually cool, because you get a small visual warning or clear signal stating the same. As you can see, it has some categories split by invalid merchant, invalid transaction, issuer unavailable, and lost card pickup. These come from a use case in the credit card industry.

  2. Out Of The Box Journey Flow

These are the options that need to be set for these charts. As you can see, these options are valuable because you can tell at a glance, without knowing what the values are, whether it’s bad or good. So this is something good to implement. Here we can see that we have included a custom CSS file and also custom JavaScript. You don’t need to code these yourself in order to build this; they are already available as part of this app. You can just copy and paste them so that the JavaScript and CSS files become part of your own dashboard. You can play around a lot with visualization in Splunk, since it allows your own JavaScript and CSS and gives you the information from your search results. You can visualize it however you wish. You’ll see some more visualizations: some are colored based on geography, some are based on ranges. Most of them you will be able to understand depending on the use case or scenario you are looking at.

There are some drilldown field values, which we have seen earlier. Once you have time, go through the lab where we have set up the dashboard examples and go through each and every visualization, so that you have a brief idea of what can be done inside Splunk. By now you should be aware that in Splunk nothing is impossible. It’s a matter of customization. If you are good with JavaScript and CSS, you can build any visualization you want. If you are good with importing external data into Splunk, you can integrate anything with Splunk. So in Splunk it always comes down to the requirement, but it is up to the admin and architect to be aware of how far their Splunk can handle it. In my opinion, I have not seen even one scenario where Splunk fails so far, in my four to five years of experience implementing Splunk. If you want to integrate a scripted input, if you want to integrate a third-party database, if you want to fetch threat information from a third party, it can be done. Say you want just geolocation information from a third-party site which holds all the information related to cars, and they need to track their car.

The data is not available in Splunk, but you can query their database for the vehicle, and you’ll be able to display this visualization in your Splunk. So it’s a matter of how you do it rather than whether it’s possible or not in Splunk. And this is one of the most commonly used visualizations for tracing a user’s flow through your website: how the user is interacting with the site, where they started off and where they logged off. It can also be used for network traffic flow, showing how many different destinations a source IP communicated with. Here we need another add-on to make it work. But as you can see this is a in shell barriers that works as part of your traffic flow. Probably this gives you a better picture: it says the user landed on the category screen, then visited the product, then added it to the cart, and there was a cart error. So you can see that this many users faced a cart error, and some of them successfully checked out with the selected product.

Similarly, this can show a visitor or a malicious user who visited your site and tried to manipulate or penetrate your environment; the attempt was blocked by your IPS or IDS solution and terminated. If the control was bypassed, the user entered your environment and reached your back-end server. So this can be your network flow, and it can also represent a traffic flow for a customer. It completely depends on the scenario you are dealing with and how you use this visualization to put forward your ideas. These are some of the example dashboards, and there are also many more dashboards that come as part of this example app. Those individual dashboards are based on specific JavaScript, CSS or XML configuration that has been edited. You should be able to view the source of each available dashboard. As you can see, there are a total of 97 dashboards, and almost all of them are owned by this app. If I click on this app, it filters the list down to the 97 dashboards that are part of the Dashboard Examples app. You can go through them one by one when you have access to the lab.

  3. Exporting And Scheduled Dashboards

Now we have understood more about dashboards: how to create a dashboard, how to create a drilldown, how to create workflows, how to narrow down issues, which visualizations are built into Splunk, and how to bring in out-of-the-box visualizations using JavaScript or CSS. We have seen all this as part of dashboards. Now let’s quickly finish off a couple of small topics: scheduling a dashboard and sharing dashboards. As you all know by now, whenever you create a dashboard, by default it is available only to you. That is, it is private and visible only to the owner of the dashboard. Let’s say I want to share this dashboard. Once I have finalized it, I need to share it with my team or other users of Splunk. You need to go to Dashboards and select the dashboard.

Whichever dashboard you would like to share, click on Edit, then Edit Permissions; by default it will be under Owner. Once you select App, all the people who use the Search and Reporting app will be able to see this dashboard but not edit it. If the users are members of the Power or Admin group, they will be able to modify this dashboard. In a similar fashion, if I click on All apps, users of any other app on this Splunk instance will also be able to see this dashboard under those other apps, which might include the Dashboard Examples app or other custom apps that you’ll be creating at a later stage. The dashboard will be visible all over the Splunk instance, but it will be editable only by admin and power users. Now we know how to share a dashboard.
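
As an added example (not part of the original lesson or of any Splunk app), the sharing choices above end up as `access` and `export` settings in an app's `metadata/local.meta`, and this Python script audits such a file and flags dashboards that every role can edit. The dashboard names and stanzas are constructed samples, and it assumes App corresponds to `export = none` and All apps to `export = system`.

```python
import re

# Constructed sample of an app's metadata/local.meta (not taken from the lab).
SAMPLE_META = """\
[views/credit_card_overview]
access = read : [ * ], write : [ admin, power ]
export = system

[views/team_triage]
access = read : [ * ], write : [ admin, power ]
export = none

[views/scratch_board]
access = read : [ * ], write : [ * ]
export = system
"""

def parse_meta(text):
    """Return {stanza: {key: value}} for a Splunk .meta file."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def roles(access, verb):
    """Extract the role list for 'read' or 'write' from an access value."""
    m = re.search(verb + r"\s*:\s*\[([^\]]*)\]", access)
    return [r.strip() for r in m.group(1).split(",") if r.strip()] if m else []

def audit_views(text):
    """Summarise sharing scope and flag dashboards writable by every role."""
    report = {}
    for name, kv in parse_meta(text).items():
        if not name.startswith("views/"):
            continue  # only dashboards (views) are audited here
        scope = "all apps" if kv.get("export") == "system" else "app"
        writers = roles(kv.get("access", ""), "write")
        report[name[6:]] = {"scope": scope, "writers": writers, "flag": "*" in writers}
    return report

if __name__ == "__main__":
    for name, info in audit_views(SAMPLE_META).items():
        print(name, info)
```
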

Let’s say I need to share this via email, so I need to export the dashboard. To export the dashboard, open it up. There will be an option to export as PDF, which creates a PDF that you can download and share via email. As you can see, there is an Export PDF option under Export. Once you click it, it automatically generates a PDF which you can download. As you can see, it has already downloaded. So this is the PDF that was generated. The complete dashboard is laid out as multiple panels across multiple pages. This formatting cannot be controlled in any way by the Splunk admin or architect. It is the Splunk application itself that decides the formatting during the generation of your PDF. If you want the same format that you see in your console, you can go for the Print option, which prints the complete page as you are seeing it. You can use the Print option rather than exporting, because exporting might break your formatting and place the information in some other row or column. Print would be the best option for storing and saving your dashboards.

One more option is scheduling a dashboard for email delivery. This option is presently unavailable here because the dashboard contains filters. Any dashboard with filtering or form objects that take input cannot be scheduled for PDF delivery. If you want it to be delivered as a PDF, you need to create an additional dashboard without any filters or form objects. Let us look at our inbuilt visualization dashboard. We should be able to export it or schedule it for PDF delivery, because it doesn’t contain any form or token usage. Click on Export. As you can see, there is a Schedule PDF Delivery option. This scheduling is similar to scheduling an alert or a report, which we have seen in previous videos. In the schedule, choose the time when it has to run, some specific time at which it is supposed to deliver this email, probably 5 to 10 minutes earlier. Then give the email address, a brief subject, and a description of what this dashboard contains.

HTML or plain text applies to your message and your subject. The paper size is the important parameter: if you choose A4, as you can see in our downloaded PDF, the output is A4 size and is broken down into multiple pages. For better visualization, you might choose Letter size or A2 size, which will accommodate more panels in a single row. So I have selected A2 here, and I am clicking Preview PDF to see how my PDF fits in the A2 layout. My PDF has been generated. As you can see, this is my A2 visualization, which is still ugly. With PDF delivery of dashboards, the formatting might not look as good as it does when you look directly in Splunk, so it’s always better to look at these dashboards in your Splunk console.