Splunk: Using Dynamic Panels

In most of the Organizations, many dashboards come with the big list of panels flooded on the dashboard. As a result, single page dashboard becomes multiple page report. To avoid this Splunk provide an option to create dynamic panels means we can hide panels from the dashboard when the search query is not returning any results.

E.g. consider below picture is one of the critical dashboards with multiple panels leaving supporting to ensure all panels are looked after

dyna

Where below dashboard is the same dashboard as above but with dynamic panels where the output is not shown when searches returned 0 records. This will help support team to monitor effectively with the right amount of data.

dyna2

We just need to make following changes in the dashboard code if we need to change panel visibility dynamic.

  • Linking panel to unique condition token_id

<panel depends=”$cond_token_a$” >

<search><query> —– </query>

<done>

<condition match=”‘job.resultCount’ &gt; 0″>

<set token=”cond_token_a”>true</set>

</condition>

<condition>

<unset token=”cond_token_a”></unset>

</condition>

</done>

</search>

</panel>

In above example, I am setting token to true when search returning at least 1 row. We can change this to any static value or can provide additional filtering in the search string as well.

The code remains same for any dashboard, we just need to ensure to give unique token id for each dynamic panel.

Thanks.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s