11_PL_Splunk Dashboard Studio (Splunk_11) By Splunk & Machine Learning

 

1. Dashboard Notes: 

• Login Splunk – Apps – Manage – Splunk Dashboard Studio – click “Launch App”

• To Create a Dashboard – Search > Dashboards > Create New Dashboard > 

• provide  Title, description 

• Chooses 

• Classic Dashnboards 

• Dashboard Studio

• Absolute or

• Grid

• Playlist LInk
  
  

1. Dashboar7d Studio Menus

1. Add Chart

2. Add Input

1. Dropdown

2. Multiselect

3. Text

4. Number

5. Time Range

3. Add Icon

4. Add Shape

1. Ellipse

2. Rectangle

3. Line

5. Add Image

6. Add Markdown Text

7. Configuration

8. Datasource

9. Source code

10. Help LInks

2. Dashboard

• Canvas

• Background image

3. Datasource

• Ds.savedSearch

• Ds.search

• Ds.test

• Ds.chain

• 
  

2. #Introduction to A new way of building dashboard in Splunk 8.2!! – 24:10

• Splunk Dashboard Studio is an APP

• Very customizable

• Types in Dashboard Studie > Grid Vs Absolute 

• Source code in json

• Classic Dashboard 

• Classic Dashboards (Simple XML) 

• Simple XML with JS extension 

• HTML Dashboard (Not recommended,  will be deprecated)

• Source code in html

• Go to the settings > find Splunk Dashboard Studio > Launch

Go to Search & Reporting – Go to Dashboard – create dashboard – this will show two options -  Classic or Dashboard studio

Dashboard studio has two visualizations – Absolute or Grid

3. #UI tour and discussion on base & chain search data source – 28:21

4. #Discussion on saved search data sources

• Added image in background of the Dashboard

• Added visualization

• Added Data – Base search -  query and chain search query

• We can see the Dashboard code (Json)

• Data Overview

• Seach 

• Base Search

• Saved Search

• Chain Search

• JSON Datasource Parts are Visualizations, Datasources,Defaults (data source),  inputs, layouts, description ,Title

• {

•     "visualizations": {},

•     "dataSources": {},

•     "defaults": {

•         "dataSources": {

•             "ds.search": {

•                 "options": {

•                     "queryParameters": {

•                         "latest": "$global_time.latest$",

•                         "earliest": "$global_time.earliest$"

•                     }

•                 }

•             }

•         }

•     },

•     "inputs": {

•         "input_global_trp": {

•             "type": "input.timerange",

•             "options": {

•                 "token": "global_time",

•                 "defaultValue": "-24h@h,now"

•             },

•             "title": "Global Time Range"

•         }

•     },

•     "layout": {

•         "type": "absolute",

•         "options": {

•             "width": 1440,

•             "height": 960,

•             "display": "auto"

•         },

•         "structure": [],

•         "globalInputs": [

•             "input_global_trp"

•         ]

•     },

•     "description": "Tmp Poov",

•     "title": "TmpDashboard"

• }

• Datasource should have unique name “ds_xxxx” 

• Datasource types incode are : type : “ds.savedSearch” or ds.search or ds.chain

• Ds.savedsearch for schnedule job

• Ref for reference of the saved search to refer

• ??? what is app? How can we create?

• Ds.savedSearch syntex

5. #How to create mock data using ds.test datasource

6. #Discussion on single value icon visualization

https://www.kaggle.com/

Data and images used in this video can be downloaded from the below repo, https://github.com/siddharthajuprod07... 

Data also can be downloaded from Kaggle: https://www.kaggle.com/josephassaker/... 

Image downloaded from https://pixabay.com/

Single value > icon or 

7. #Discusiion on Single Value visualization with trend

• Sparkline

• Radial chart

• Search query by using table 

8. #Discussion on Dynamic Options Syntax (DOS)

• https://docs.splunk.com/Documentation/SplunkCloud/9.1.2308/DashStudio/DashStudioDynOptions

• Go to the code – 

• Formatting functions

• Links provided

• Docs syntexc - https://docs.splunk.com/Documentation/Splunk/8.2.3/DashStudio/dynamicOptionsSyntax

• Selector and formatting functions: https://docs.splunk.com/Documentation/Splunk/8.2.3/DashStudio/selectorFormattingFuncts

• Object options and defaults reference: https://docs.splunk.com/Documentation/Splunk/8.2.3/DashStudio/Comparison#Single_value

• Code used in this video can be downloaded from the below repo, https://github.com/siddharthajuprod07/youtube/blob/master/DOS/dashboard_code.json

9. #Working with inputs and tokens - PART 1

• Single visualization – country in drop down – based on the dropdown value the text, sparkline etc to be displayed

• Add Input – choose Dropdown to hold country names

• Dropdown configuration is Title, Token Name,

• Develop search then attach with dropdown

• Add data source in dropdown visualization

• Program changed from country  to generic 

• Submit button introduced.

• Submit button gives wrong functionality – not good

10. #Working with inputs and tokens - PART 2

• As Submit button has some flow removed

• Multi - selection now

• ClearDefaultOnSelection = true

• Filter by where before time chart – it is good

11. #Working with inputs and tokens - PART 3

• span in days – user can increase or decrease the time span in days

12. #How to visualize geospatial data

• Create maps in dashboard studio

• Csv file for vendor details from multiple countries

• Details based on the vendor

• 
  

• Either Bubble or Marker to show locations in the map

13. #Discussion on table formatting