Manipulating data to create chart

Splunk has great visualization features that show a variety of charts. These charts are created from the results of a search query in which appropriate functions are used to give numerical outputs.



Splunk is very powerful, and there are a lot of commands to manipulate data.




Changing the Chart Type

We can change the chart type by selecting a different chart option from the chart name. Clicking on one of these options will produce the chart for that type of graph.










Formatting a Chart

The charts can also be formatted by using the Format option. This option allows you to set the values for the axes, set the legends, or show the data values in the chart. In the example below, we have chosen the horizontal chart and selected the option to show the data values as a Format option.













How to specify relative time modifiers

You can define the relative time in your search with a string of characters that indicates the time amount (integer and unit). You can also specify a "snap to" time unit, which is written as the @ symbol followed by a time unit.
The syntax for using time modifiers is [+|-]<time_integer><time_unit>@<time_unit>
The steps to specify a relative time modifier are:
  1. Indicate the time offset from the current time.
  2. Define the time amount, which is a number and a unit.
  3. Specify a "snap to" time unit. The time unit indicates the nearest or latest time to which your time amount rounds down.
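To make the three steps concrete, the following is an added example (not code from the original post or from Splunk itself) that resolves a modifier such as -24h@h against a fixed reference time exactly as described: apply the signed offset first, then snap down to the unit boundary. It also shows the window a search covers for a given pair of earliest and latest modifiers, which is worth checking when a detection search is scheduled, because a window such as earliest=-24h@h latest=@h never covers the current partial hour. The unit table, the function names (resolve, search_window) and the reference time are my own constructions; treating @w as a snap to the most recent Sunday is my assumption about Splunk's week convention.

```python
import calendar
import re
from datetime import datetime, timedelta

# Splunk time-unit spellings (constructed table). Note that "m" is minutes and
# "mon" is months: mixing them up silently turns a one-minute window into a
# one-month one, or the other way round.
UNITS = {
    "s": "second", "sec": "second", "second": "second", "seconds": "second",
    "m": "minute", "min": "minute", "minute": "minute", "minutes": "minute",
    "h": "hour", "hr": "hour", "hour": "hour", "hours": "hour",
    "d": "day", "day": "day", "days": "day",
    "w": "week", "week": "week", "weeks": "week",
    "mon": "month", "month": "month", "months": "month",
    "y": "year", "yr": "year", "year": "year", "years": "year",
}

# [+|-]<time_integer><time_unit>@<time_unit>; either half may be left out.
MODIFIER_RE = re.compile(
    r"^(?:(?P<sign>[+-])?(?P<n>\d+)(?P<unit>[a-z]+))?(?:@(?P<snap>[a-z]+))?$"
)

# Constructed reference time used by the demo below: Monday 11 May 2020, 14:37:22.
REFERENCE_NOW = datetime(2020, 5, 11, 14, 37, 22)


def _unit(name):
    try:
        return UNITS[name]
    except KeyError:
        raise ValueError(f"unknown time unit: {name!r}") from None


def _shift_months(t, months):
    # Month/year arithmetic keeps the day of month, clamped to the target month's length.
    total = t.year * 12 + (t.month - 1) + months
    year, month0 = divmod(total, 12)
    month = month0 + 1
    day = min(t.day, calendar.monthrange(year, month)[1])
    return t.replace(year=year, month=month, day=day)


def apply_offset(t, sign, n, unit):
    """Steps 1 and 2: move t by a signed number of whole units."""
    n = -n if sign == "-" else n
    if unit == "month":
        return _shift_months(t, n)
    if unit == "year":
        return _shift_months(t, 12 * n)
    return t + timedelta(**{unit + "s": n})


def snap_to(t, unit):
    """Step 3: round t down to the start of the nearest earlier unit boundary."""
    t = t.replace(microsecond=0)
    if unit == "second":
        return t
    t = t.replace(second=0)
    if unit == "minute":
        return t
    t = t.replace(minute=0)
    if unit == "hour":
        return t
    t = t.replace(hour=0)
    if unit == "day":
        return t
    if unit == "week":
        # Assumption: @w snaps to the most recent Sunday (Python weekday(): Monday=0, Sunday=6).
        return t - timedelta(days=(t.weekday() + 1) % 7)
    t = t.replace(day=1)
    if unit == "month":
        return t
    return t.replace(month=1)  # year


def resolve(modifier, now):
    """Resolve a relative time modifier such as '-24h@h' against a reference time."""
    modifier = modifier.strip().lower()
    if modifier in ("", "now"):
        return now
    m = MODIFIER_RE.match(modifier)
    if not m or (m.group("n") is None and m.group("snap") is None):
        raise ValueError(f"not a relative time modifier: {modifier!r}")
    t = now
    if m.group("n") is not None:
        t = apply_offset(t, m.group("sign") or "+", int(m.group("n")), _unit(m.group("unit")))
    if m.group("snap") is not None:
        t = snap_to(t, _unit(m.group("snap")))
    return t


def search_window(earliest, latest, now):
    """Return the (start, end) that a search with these earliest/latest modifiers covers."""
    return resolve(earliest, now), resolve(latest, now)


if __name__ == "__main__":
    for mod in ["-24h@h", "-1d@d", "@w", "-1m", "-1mon@mon", "-1y@y"]:
        print(f"{mod:>10} -> {resolve(mod, REFERENCE_NOW)}")
    # A scheduled search with earliest=-24h@h latest=@h skips the current partial hour.
    print(search_window("-24h@h", "@h", REFERENCE_NOW))
```

Running the block prints, for the constructed reference time, that -24h@h lands on 14:00 of the previous day while -1d@d lands on midnight, which is the difference between "24 hours back, to the hour" and "yesterday at day start" that the snap-to unit controls.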







Eventually, with these graphics, you would be able to build a dashboard with panels like the graphic below.

Those dashboards are powered by reports/saved searches and are usually referred to as views.

Many pre-built dashboards use a variety of knowledge objects (saved searches, macros, data models) like the ones we have seen before to visualize the data.







Types of Splunk dashboards

There are three kinds of dashboards typically created with Splunk:
  • Dynamic form-based dashboards
  • Real-time dashboards
  • Dashboards as scheduled reports
Dynamic form-based dashboards allow Splunk users to modify the dashboard data without leaving the page. Users who frequently use them will be familiar with changing prompt values on the fly to update the dashboard data.

Real-time dashboards are often kept on a big panel screen for constant viewing, simply because they are so useful. You see these dashboards in data centers, network operations centers (NOCs), or security operations centers (SOCs), with a constant format and data changing in real time. The dashboard will also have indicators and alerts for operators to easily identify and act on a problem.

Dashboards as scheduled reports may not be exposed for viewing; however, the dashboard view will generally be saved as a PDF file and sent to email recipients at scheduled times.



So, after you get all your charts and all your panels, your dashboard should look like this.







If this article was useful, and you learned something, please click like
Reviewed by ohhhvictor on May 11, 2020
