How to Create Advanced Splunk Dashboards, Panels and Reports — Creating Management-Ready Dashboards

Rollback to version 1

0:02 - 0:04

hello and welcome to the advanced Funk
0:04 - 0:08

dashboard in Showcase with me Dan
0:08 - 0:12

Gray I'm a qualified to blun architect
0:12 - 0:13

with some oford Associates I've been
0:13 - 0:16

working here for a year now and prior to
0:16 - 0:17

that I was in the Raw na for eight years
0:17 - 0:21

where I worked as a computer network
0:21 - 0:23

analyst so who are
0:23 - 0:25

sum specialist in everything Splunk and
0:25 - 0:27

we are an elite partner for licens and
0:27 - 0:28

Professional
0:28 - 0:31

Services uh we also offer workshop and
0:31 - 0:34

webinars such as this and if you're a
0:34 - 0:36

customer of ours you have access to the
0:36 - 0:39

dedicated technical support
0:39 - 0:42

l so what's the agenda of this webinar
0:42 - 0:44

so we're going to learn to make smart
0:44 - 0:46

and interactive dashboards of real data
0:46 - 0:49

are repealing uh that will help us
0:49 - 0:51

graphically illustrate our it operations
0:51 - 0:55

data using complex graphs and CHS but
0:55 - 0:57

really what we're going to do is we're
0:57 - 0:59

going to make simple effective
0:59 - 1:01

dashboards that communic
1:01 - 1:02

what you want to communicate across to
1:02 - 1:05

the end
1:05 - 1:07

user we're going to try and take
1:07 - 1:10

dashboards from this which is uh an
1:10 - 1:11

example of a bad dashboard that I've
1:11 - 1:14

made uh it's very cluttered not very
1:14 - 1:16

colorful it's really unclear what's
1:16 - 1:20

going on um but first look there's some
1:20 - 1:21

information in there we can see that
1:21 - 1:24

stuff's happening actions products are
1:24 - 1:27

being viewed uh and removed from carts
1:27 - 1:30

and stuff's happening really ineffective
1:30 - 1:30

grph
1:30 - 1:32

no accesses No
1:32 - 1:36

Labels um tables are not formatted
1:36 - 1:39

correctly uh really not a good example
1:39 - 1:41

of an effective
1:41 - 1:43

communication um of the data that sits
1:43 - 1:44

behind this dashboard I'm going to try
1:44 - 1:46

and take it from
1:46 - 1:48

that so something a little bit more like
1:48 - 1:51

this um this is using the same data
1:51 - 1:53

however hopefully it's a little bit more
1:53 - 1:56

illustrative of what's going on um we've
1:56 - 1:58

got revenue we've got graphs we've got
1:58 - 2:01

tables single value figure
2:01 - 2:03

um and a bit of color in there that
2:03 - 2:06

makes it a little bit more
2:07 - 2:09

digestible but before we are able to
2:09 - 2:11

make a dashboard we have to get started
2:11 - 2:12

with smunk if you've never used smun
2:12 - 2:14

before it's really straightforward to
2:14 - 2:16

get going head to the website and make
2:16 - 2:18

an account download the latest version
2:18 - 2:21

of SP Enterprise install it and then add
2:21 - 2:24

data and Away you go um when I say Ad
2:24 - 2:27

data anything that's human readable spun
2:27 - 2:30

can ingest and make sense of um whether
2:30 - 2:32

that's the logs from your own PC that
2:32 - 2:34

you're logging in or um you can get data
2:34 - 2:38

sets online such as uh the New York taxi
2:38 - 2:40

companies they' publish uh information
2:40 - 2:43

about taxi Journeys uh Eve online the
2:43 - 2:47

computer game you can get uh data dumps
2:47 - 2:49

from activities that have happened in
2:49 - 2:52

the game to help you um play around with
2:52 - 2:54

Splunk if you've not got access to um a
2:54 - 2:57

large computer network or or another
2:57 - 2:59

data source there's stuff resources out
2:59 - 3:02

there online where you can take data and
3:02 - 3:04

and get it into spun and then start
3:04 - 3:07

learning and playing around with
3:07 - 3:09

it once you've installed Splunk this is
3:09 - 3:12

what you'll be faced with um this is the
3:12 - 3:15

homepage looks a little bit different in
3:15 - 3:18

Version 9 um but all the same features
3:18 - 3:20

are there product tours uh really
3:20 - 3:22

straightforward navigation through the
3:22 - 3:24

guies of whichever product you've
3:24 - 3:26

downloaded adding data the most
3:26 - 3:29

important button um this is where you
3:29 - 3:30

really start
3:30 - 3:32

getting anything out of Splunk is by
3:32 - 3:35

adding different data sources as I said
3:35 - 3:37

it has to be human readable um but you
3:37 - 3:40

can take Network information logs events
3:40 - 3:41

and
3:41 - 3:45

metrics um Splunk apps that will take
3:45 - 3:47

you to Splunk base a website it's a
3:47 - 3:51

repository of apps uh and in in Splunk
3:51 - 3:54

apps means um a bundle of configuration
3:54 - 3:56

files
3:56 - 3:58

um there are apps for for numerous
3:58 - 4:01

different products um
4:01 - 4:03

any if you want to ingest a data source
4:03 - 4:05

the first place to look is on spun base
4:05 - 4:06

and see if someone's done the hard work
4:06 - 4:07

for you
4:07 - 4:10

already and then finally Splunk docs
4:10 - 4:13

it's the documentation for Splunk um
4:13 - 4:15

really well uh
4:15 - 4:18

maintained uh organized and makes sense
4:18 - 4:20

if there's uh something that you'd like
4:20 - 4:22

to do in Splunk it's very likely that
4:22 - 4:23

you'll be able to find out how to do it
4:23 - 4:26

by looking through the SP
4:27 - 4:29

documentation but this webinar is about
4:29 - 4:30

dashboards so how do we make a
4:30 - 4:34

dashboards so click on um the dashboard
4:34 - 4:37

button primarily and then next button
4:37 - 4:39

you'll click is create dashboards and
4:39 - 4:41

you will be faced with this P popup
4:41 - 4:44

here this is where you set the
4:44 - 4:45

parameters for the dashboard you're
4:45 - 4:48

making so um things that you need to
4:48 - 4:51

fill in um are the the dashboard title
4:51 - 4:54

the permissions whether they're using
4:54 - 4:56

classic dashboards or dashboard
4:56 - 4:59

studio in this webinar we'll be using
4:59 - 5:01

dashboard Studio
5:01 - 5:03

um classic dashboard and dashboard
5:03 - 5:05

Studio have different
5:05 - 5:08

functionalities um dashboard Studios the
5:08 - 5:11

newer version the newer offering by blun
5:11 - 5:12

and they're working to catch up with
5:12 - 5:14

some of the functionality from classic
5:14 - 5:17

dashboards um dashboard Studios also has
5:17 - 5:19

extra functionality that you can't get
5:19 - 5:22

in classic dashboards and as I said this
5:22 - 5:25

webinar will be using dashboard studio
5:25 - 5:27

so we'll see some of the functions and
5:27 - 5:28

uh settings and stuff that we can use
5:28 - 5:30

that are exclusive to dashboard
5:30 - 5:34

studio uh and finally absolute or grid
5:34 - 5:37

uh uh layout mode what that means will
5:37 - 5:39

be really much more obvious once we get
5:39 - 5:42

into editing the dashboard um but as it
5:42 - 5:44

says there if you choose absolute layout
5:44 - 5:46

you get full control of where you want
5:46 - 5:49

to place your panels whereas grid um
5:49 - 5:51

snaps to
5:52 - 5:54

location but before you do that start
5:54 - 5:55

with a
5:55 - 5:58

plan uh before making any dashboard you
5:58 - 6:00

want to go to your end user recustom
6:00 - 6:02

customer or if it's working on your own
6:02 - 6:03

behalf have a good think about what you
6:03 - 6:06

want this dashboard to show um this is a
6:06 - 6:07

really quick one that I knocked up in
6:07 - 6:11

Microsoft Paint um however this is the
6:11 - 6:13

sort of thing that I'd like to receive
6:13 - 6:15

from a customer at this point I'm not
6:15 - 6:17

particularly interested in what sort of
6:17 - 6:20

Spun queries um they want to run in the
6:20 - 6:22

background what I want to know is what
6:22 - 6:24

do they want their dashboard to show and
6:24 - 6:26

leave it up to me to figure out how to
6:26 - 6:28

to make that
6:28 - 6:30

work so on the left we have Hospital
6:30 - 6:34

dashboard um high level overview info
6:34 - 6:37

about number of patients um records
6:37 - 6:39

power and detailed View and a couple of
6:39 - 6:41

notes on the bottom make it look Sleek
6:41 - 6:44

include color coding and on the right
6:44 - 6:46

car a car factory example so if we keep
6:46 - 6:48

those two plans in our mind as we go
6:48 - 6:50

through we're going to see those
6:50 - 6:52

materialized to life as I said at this
6:52 - 6:54

point I don't want to know about the
6:54 - 6:56

data that powers these dashboards nor
6:56 - 6:58

the spunk searches that we'll need to
6:58 - 7:00

run to get it working I really want to
7:00 - 7:02

know what the customer wants out of
7:02 - 7:04

their
7:05 - 7:08

dashboard once you've got that um
7:08 - 7:09

perhaps
7:09 - 7:11

counterintuitively the first thing that
7:11 - 7:13

I suggest you do when making a a
7:13 - 7:14

dashboard is add a
7:14 - 7:17

background um the background can really
7:17 - 7:22

provide skeleton of your dashboard um
7:22 - 7:23

and it can really add context to the
7:23 - 7:25

data so here are a couple of
7:25 - 7:27

dashboards that we have uh prepopulated
7:27 - 7:30

perfectly fine dashboards not too busy
7:30 - 7:33

quite colorful um well labeled and make
7:33 - 7:35

sense but they could be taken to the
7:35 - 7:37

next level by adding a dashboard and
7:37 - 7:40

we'll see how just
7:40 - 7:43

now so here we have uh the left
7:43 - 7:46

dashboard without the u
7:46 - 7:48

background as we transition to the
7:48 - 7:50

background as we had in our planets
7:50 - 7:54

hospital um theme dashboard and we can
7:54 - 7:56

see that these lines that are connected
7:56 - 7:57

up the data these are part of the
7:57 - 7:59

background so the color lines and the
7:59 - 8:01

boxes are all part of the background
8:01 - 8:04

image um and we can really see how that
8:04 - 8:07

adds context to the data that we're
8:07 - 8:10

presenting next we
8:10 - 8:15

have um a car factory so instead of
8:15 - 8:18

um the bare panels we can we can arrange
8:18 - 8:22

those panels into uh the along the
8:22 - 8:24

background that makes sense and and at a
8:24 - 8:27

glance we can see um that this is to do
8:27 - 8:30

with production lines and where
8:30 - 8:33

[Music]
8:33 - 8:35

um where the data sits on that
8:35 - 8:37

production line so where the problems
8:37 - 8:39

may
8:39 - 8:41

occur so to do that how to add a
8:41 - 8:44

background here we have uh our view
8:44 - 8:45

after we've created a new dashboard
8:45 - 8:47

we'll be looking over here uh create a
8:47 - 8:49

background image so you can drag and
8:49 - 8:53

drop a an image file um and it will load
8:53 - 8:56

and and and be populated into your
8:56 - 9:01

dashboard or else you can add a URL
9:01 - 9:04

um out of the box there's a there's a
9:04 - 9:06

number of configured Whit list Whit
9:06 - 9:09

listed um URLs that SP will use to
9:09 - 9:11

populate backgrounds uh and those are
9:11 - 9:13

all spun
9:13 - 9:16

related if you have a website like we do
9:16 - 9:19

some for associates um you'll have to
9:19 - 9:22

whitelist that website in able to to get
9:22 - 9:27

your um image populating your
9:28 - 9:30

dashboards
9:30 - 9:32

so here I've used the URL that one of
9:32 - 9:34

the Splunk ones and um here's a good
9:34 - 9:37

point to to bring in some context to
9:37 - 9:39

this webinar we'll be using data that's
9:39 - 9:41

themed around a company called butterup
9:41 - 9:45

games this is the butterup games U
9:45 - 9:47

background but Cup games sell all sorts
9:47 - 9:51

of different things um nerdy apparl
9:51 - 9:55

games and things associated with those
9:55 - 9:58

um and we'll see the theme of that as we
9:58 - 10:00

go through the dashboard
10:00 - 10:02

uh so we've added the background and we
10:02 - 10:04

can see now that skeleton of of what we
10:04 - 10:07

want our dashboard to look like um it
10:07 - 10:09

will help in when we're arranging our
10:09 - 10:12

panels um where we want to put
10:12 - 10:16

them so how do we add our panels um well
10:16 - 10:17

the first thing to think about is the
10:17 - 10:20

best way to visualize the data that you
10:20 - 10:22

are trying to present whether that's
10:22 - 10:26

going to be a pie chart or a table or a
10:26 - 10:28

barop the location of panels and
10:28 - 10:29

orientation of panels those go Ahad hand
10:29 - 10:32

in hand um you want to try and tell a
10:32 - 10:35

story a logical story in your in your
10:35 - 10:37

dashboard um try and keep related things
10:37 - 10:39

nearby and make it simple for the user
10:39 - 10:42

to follow uh very importantly don't
10:42 - 10:45

overload with
10:47 - 10:49

information so how do we add a panel so
10:49 - 10:50

there's a few different ways you can do
10:50 - 10:52

it directly from the dashboard but in
10:52 - 10:54

this case we are doing it from a search
10:54 - 10:58

we've run so search is not
10:58 - 11:01

the um the topic of this webinar so we
11:01 - 11:02

won't dig too much into the search that
11:02 - 11:05

we have run suffice to say that I've run
11:05 - 11:09

a search here in Splunk and presented um
11:09 - 11:11

and ended up with a table so what you
11:11 - 11:13

need to do is you save
11:13 - 11:18

as over here and say it as an existing
11:18 - 11:21

dashboard and then simple as find your
11:21 - 11:23

uh dashboard make sure it's
11:23 - 11:25

ticked give it a panel title it's there
11:25 - 11:27

as optional uh it's definitely best
11:27 - 11:30

practice to give an a panel title that
11:30 - 11:31

really explains what that panel's going
11:31 - 11:32

to
11:32 - 11:35

do and then press save to dashboard and
11:35 - 11:36

there we
11:36 - 11:40

are we've added our first panel to our
11:40 - 11:42

dashboard um it's fine we can see there
11:42 - 11:43

we've got products we've got purchases
11:43 - 11:45

and the revenue that we're generating
11:45 - 11:46

off those
11:46 - 11:49

products um but we might be able to
11:49 - 11:52

improve it by using a
11:52 - 11:55

few uh formatting options so there's
11:55 - 11:56

loads and loads of formatting options
11:56 - 11:58

when you come in to make a panel and
11:58 - 12:01

dashboards themselves for that matter
12:01 - 12:03

some of them are on the screen now and
12:03 - 12:06

when we go to the live portion of the uh
12:06 - 12:07

of the webinar where I go into some
12:07 - 12:09

different dashboards we'll have a look
12:09 - 12:11

at some of the formatting options there
12:11 - 12:14

um but for this
12:14 - 12:16

case here's the same table after using
12:16 - 12:18

some formatting
12:18 - 12:21

options um I've used color for the for
12:21 - 12:24

the purchases to illustrate whether um
12:24 - 12:27

those are good numbers or bad numbers uh
12:27 - 12:28

and then added a couple of pound signs
12:28 - 12:30

there as well just to to show that
12:30 - 12:31

that's
12:31 - 12:34

um
12:35 - 12:38

money next um adding more panels so the
12:38 - 12:40

different types of panels that you can
12:40 - 12:42

add some of the different format and
12:42 - 12:45

options um choose your visualizations to
12:45 - 12:48

suit the data panel titles don't forget
12:48 - 12:50

those chart type and the time range
12:50 - 12:52

picker that will show you how far back
12:52 - 12:55

in time you want your dashboard to look
12:55 - 12:58

and drill Downs is an advanced or a more
12:58 - 13:00

advanced formatting option where
13:00 - 13:02

you can set the behavior if you click on
13:02 - 13:04

each panel what that behavior will do
13:04 - 13:07

we'll talk about that more in a
13:07 - 13:10

minute so I've just trucked a new panel
13:10 - 13:13

um this time a pie
13:13 - 13:15

chart continue to add panels to our
13:15 - 13:17

dashboard
13:17 - 13:20

um a few different visualization types
13:20 - 13:21

now we've got tables we've got pie
13:21 - 13:25

charts and we've got a stacked car chart
13:25 - 13:26

uh and finally down there on the bottom
13:26 - 13:28

right a single
13:28 - 13:31

value
13:33 - 13:34

uh don't forget to save your dashboard
13:34 - 13:36

as you're going through as we can see
13:36 - 13:39

there success dashboard saved um make
13:39 - 13:40

sure you save your dashboard as you go
13:40 - 13:41

along because if you navigate away from
13:41 - 13:43

it you might lose your
13:43 - 13:46

progress here we've added an image um of
13:46 - 13:48

the sum logo because I wanted to
13:48 - 13:51

illustrate um the drill down mechanic
13:51 - 13:54

that you can add to a
13:54 - 13:56

dashboard so how do we do that so we
13:56 - 14:00

click on the the image in this case or
14:00 - 14:03

um the panel or the object within the
14:03 - 14:05

dashboard and on the right hand side
14:05 - 14:07

you'll get a an options thing to
14:07 - 14:11

configure your um object and in our case
14:11 - 14:13

we're going to add a drill down so there
14:13 - 14:17

we go drill down settings add a drill
14:18 - 14:20

down um and then you've got onclick
14:20 - 14:23

options so there's stuff such as link to
14:23 - 14:23

another
14:23 - 14:27

dashboard uh link to a search um and you
14:27 - 14:29

can decide whether you want that in a
14:29 - 14:31

new tab all the tab that you're already
14:31 - 14:33

in um in our case we're going to link to
14:33 - 14:35

a custom URL so I've linked it there to
14:35 - 14:37

uh the summerfood website so when the
14:37 - 14:39

end user is using this dasboard if they
14:39 - 14:42

click that image they will navigate to
14:42 - 14:45

Summerford Associates
14:53 - 14:55

website I'll move on over now to the
14:55 - 14:57

live portion of the demo in which we're
14:57 - 14:59

going to have a look at three different
14:59 - 15:01

demo environments that we've spun up in
15:01 - 15:03

Splunk that are populated with fake um
15:03 - 15:04

fake
15:04 - 15:07

data but there's a there's a number of
15:07 - 15:08

dashboards that we can have a look at
15:08 - 15:11

and we'll see um some of the good and
15:11 - 15:13

bad points of those
15:14 - 15:16

dashboards so the first one I've clicked
15:16 - 15:19

into here Financial crime is the theme
15:19 - 15:20

of this
15:20 - 15:22

dashboard
15:22 - 15:25

um this is the what I would say the
15:25 - 15:27

executive summary page of this uh this
15:27 - 15:30

environment so the control room as it's
15:30 - 15:35

called um here we have uh a number of
15:35 - 15:38

panels uh that are well uh labeled so we
15:38 - 15:40

can kind of tell what's going on at a
15:40 - 15:41

glance we can see different accounts
15:41 - 15:45

there that are important um and a number
15:45 - 15:46

of different
15:46 - 15:49

visualizations in these environments
15:49 - 15:50

that spun's been up as demo sometimes
15:50 - 15:54

they use um use a visualization that
15:54 - 15:56

might not be the most uh applicable to
15:56 - 15:58

the data but mainly because they want to
15:58 - 16:00

just show off some the different uh
16:00 - 16:02

visualizations that are
16:02 - 16:04

possible uh but all in all not a bad
16:04 - 16:06

dashboard I would say at the top here we
16:06 - 16:08

could probably use a bit of color number
16:08 - 16:11

of potential account takeovers um 21 is
16:11 - 16:14

that good is that bad not too sure and
16:14 - 16:15

again they could have had trend lines
16:15 - 16:17

are we going in the right direction or
16:17 - 16:19

or or bad Direction um for this one I
16:19 - 16:22

wanted to show pretty sure they've added
16:22 - 16:24

uh the drill down so that's going to
16:24 - 16:26

open in a new tab it'll bring us to the
16:26 - 16:28

account takeover
16:28 - 16:30

dashboard um
16:30 - 16:31

enabling the analysts who who will be
16:31 - 16:35

using this to to dive deeper into the
16:35 - 16:38

account takeovers happening in this
16:38 - 16:41

environment again um lots of high level
16:41 - 16:43

stats across the top are they good are
16:43 - 16:46

they bad it's not clear whether
16:46 - 16:49

858 is a is a good number or a bad
16:49 - 16:51

number so they could have a bit of color
16:51 - 16:54

there and again a trend
16:54 - 16:57

line um here's one that we haven't
16:57 - 16:59

touched on yet mapping um you can add
16:59 - 17:01

maps to SL different types of maps
17:01 - 17:02

chloropleth
17:02 - 17:06

maps is this one and you can see
17:06 - 17:08

[Music]
17:08 - 17:10

there it's connections from Risky or
17:10 - 17:13

unusual countries so in your business if
17:13 - 17:14

you're expecting everyone to log in from
17:14 - 17:16

the UK or perhaps America and you're
17:16 - 17:19

getting a bunch of um loging attempts
17:19 - 17:21

from China that's probably suspicious
17:21 - 17:23

maybe something to have a look
17:23 - 17:26

at uh as we scroll down it's quite a
17:26 - 17:29

large dashboard but this I would expect
17:29 - 17:31

would be more for the analyst who's
17:31 - 17:33

actually working on it rather than
17:33 - 17:37

someone uh looking for a high level
17:38 - 17:42

overview we move on to
17:42 - 17:46

um the transaction fraud
17:49 - 17:51

page here we are again yeah so similar
17:51 - 17:54

sort of thing high level stats at the
17:54 - 17:58

top followed by uh a number of different
17:58 - 17:59

visualizations chart here with a trend
17:59 - 18:02

line on
18:02 - 18:06

um good use of different colors I
18:06 - 18:08

suppose the one I really wanted to show
18:08 - 18:10

off on this this one was the risk model
18:10 - 18:12

clustering
18:12 - 18:14

um takes a little while to load and
18:14 - 18:16

we'll see why once it actually
18:16 - 18:20

loads uh this I think in my opinion is
18:20 - 18:23

trying to be too clever um looked really
18:23 - 18:27

cool we have a 3D model of a of a risk
18:27 - 18:30

model that's moving in through 3D space
18:30 - 18:33

so there's there's a third access to
18:33 - 18:35

axis to this graph and as I said it
18:35 - 18:37

looks super cool it's different colors
18:37 - 18:39

and different things but it's not clear
18:39 - 18:42

to me at all what this graph is trying
18:42 - 18:45

to convey so um I guess the point I'm
18:45 - 18:48

trying to make there is make sure that
18:48 - 18:50

your end user understands don't go for
18:50 - 18:51

call points make sure that the end user
18:51 - 18:54

understands what which one I get
18:54 - 18:56

across they jump out of the financial
18:56 - 18:58

crime now into a to a separate
18:58 - 18:59

environment
18:59 - 19:03

um back to butterup games this is a
19:03 - 19:06

really good um example of a dashboard
19:06 - 19:08

actually very impressed with this
19:08 - 19:11

one the reason I set this um environment
19:11 - 19:13

up is because it had a really good
19:13 - 19:15

dashboard and a really bad dashboard um
19:15 - 19:17

but they've removed the bad dashboard
19:17 - 19:20

and they've left the good dashboard so
19:20 - 19:22

we'll give them some points and and tips
19:22 - 19:25

um or we'll talk about it a little bit
19:25 - 19:27

um it's not too busy this is the
19:27 - 19:29

entirety of the dashboard really good so
19:29 - 19:31

we can see customer locations it's
19:31 - 19:34

really obvious from uh the panel title
19:34 - 19:36

and the and and and the map what's going
19:36 - 19:40

on here um and then again really
19:40 - 19:42

straightforward use of
19:42 - 19:45

color the top country um and as you
19:45 - 19:47

click through it goes from yellow
19:47 - 19:49

through to red and the best thing about
19:49 - 19:53

this dashboard here is this um panel
19:53 - 19:58

here so they've used this panel as a as
19:58 - 20:01

a way to has a token through to the
20:01 - 20:04

graphs below so it's not really obvious
20:04 - 20:05

because the numbers don't jump around
20:05 - 20:07

too much um but as you click on each of
20:07 - 20:09

these
20:09 - 20:13

um operating systems the graphs below
20:13 - 20:16

change so to to reflect only that um
20:16 - 20:18

operating system so we can see here
20:18 - 20:21

Windows customers um have this level of
20:21 - 20:25

spending versus Linux customers
20:25 - 20:29

who have that level of spending um it's
20:29 - 20:32

a really cool Advanced feature um of the
20:32 - 20:35

dashboard using the panel to pass a
20:35 - 20:37

token through Pass information down to
20:37 - 20:40

other panels in the dashboard and act as
20:40 - 20:43

a as a very fancy filter so reset it
20:43 - 20:45

there back to
20:45 - 20:47

all the other dashboard in this
20:47 - 20:50

environment is the site status dashboard
20:50 - 20:52

again really impressive with really
20:52 - 20:55

impressed with this one um green and red
20:55 - 20:58

truly we know what those signify uh
20:58 - 21:02

green is good and red is is is bad um
21:02 - 21:03

again not too busy this is the entirety
21:03 - 21:06

of the dashboard here so we can see that
21:06 - 21:09

the site status um well we can see the
21:09 - 21:13

site status at a really quick glance um
21:13 - 21:15

successful versus unsuccessful and then
21:15 - 21:18

we can see the types of errors here that
21:18 - 21:20

are uh being reported and we can see
21:20 - 21:22

again the use of color that the very
21:22 - 21:25

deep red uh indicates that it's more
21:25 - 21:28

severe so again very effective dashboard
21:28 - 21:32

here simple use of color uh simple
21:32 - 21:35

number of panels even I as a non-web
21:35 - 21:37

developer can see that uh what's going
21:37 - 21:39

on
21:39 - 21:42

here and what's good and what's
21:42 - 21:44

bad uh the final dashboard that we're
21:44 - 21:45

going to have a look at or the final
21:45 - 21:46

environment that we're going to have a
21:46 - 21:50

look at is the infos SEC application and
21:50 - 21:52

the series of dashboards that I built in
21:52 - 21:55

there the infos app is a free app that
21:55 - 21:57

you can download from splint base uh as
21:57 - 22:00

I said before apps there a bundle of
22:00 - 22:02

configuration files that come
22:02 - 22:03

prepackaged along with a bunch of
22:03 - 22:05

dashboards and searches that that power
22:05 - 22:07

those dashboards um you can download
22:07 - 22:09

this from splint base for free all you
22:09 - 22:11

need to provide is the data to power
22:11 - 22:12

these dashboards and it will work just
22:12 - 22:14

as we're going to have a look
22:14 - 22:16

at the first one we're going to take a
22:16 - 22:19

look at is the executive view here we
22:19 - 22:22

can see a very high level view uh of
22:22 - 22:24

what's going on in this environment
22:24 - 22:26

story of this environment is that this
22:26 - 22:29

this network has been attacked now has
22:29 - 22:32

on it we can see here from across the
22:32 - 22:37

top uh red and blue uh attacks being
22:37 - 22:40

stopped and malware that has been
22:40 - 22:41

blocked in the last 24 hours and the
22:41 - 22:44

number of devices protected on the right
22:44 - 22:45

uh this dashboard is not very
22:45 - 22:47

interactive and I think that's probably
22:47 - 22:51

a designer's deliberate Choice um
22:51 - 22:54

because it's designed for the executive
22:54 - 22:57

view exactly as it says
22:57 - 22:59

um and you don't want to over that you
22:59 - 23:01

want to keep it very high level make it
23:01 - 23:04

very clear uh what's going on so that
23:04 - 23:06

the decision maker can make the decision
23:06 - 23:07

they need to
23:07 - 23:12

make next we'll take a look at security
23:12 - 23:15

posture a little bit more detailed uh
23:15 - 23:16

lots of different visualizations in this
23:16 - 23:19

one again the use of color they've used
23:19 - 23:22

red and blue here
23:22 - 23:24

um these are showing up as red because
23:24 - 23:28

considered as bad um if the the number
23:28 - 23:29

was different
23:29 - 23:31

it wouldn't be red and you can configure
23:31 - 23:34

those thresholds however you'd
23:36 - 23:38

like um like I said number of different
23:38 - 23:40

visualizations bar charts and graphs
23:40 - 23:41

here we don't have so much information
23:41 - 23:44

in this because it's a demo environment
23:44 - 23:46

it's just been spin
23:46 - 23:47

up
23:47 - 23:52

um going through to uh the network
23:52 - 23:54

traffic dashboard this is a good one to
23:54 - 23:56

look at um this is the one that really
23:56 - 23:57

tells the story of this
23:57 - 23:59

environment number of different tables
23:59 - 24:01

and different visualizations with
24:01 - 24:03

effective color format
24:03 - 24:06

in um this is the panel of Interest I
24:06 - 24:09

wanted to show for this demo using these
24:09 - 24:12

um boxes here we can filter to different
24:12 - 24:13

things and there's a nuer numerous
24:13 - 24:15

different ways to do that we can type
24:15 - 24:17

right in there currently populated with
24:17 - 24:19

an asteris which is the Wild Card
24:19 - 24:21

character for Splunk which means
24:21 - 24:23

everything um or we can click down in
24:23 - 24:26

this table here click on bit torrent and
24:26 - 24:29

that will populate the filter here at
24:29 - 24:31

the top and then we'll see all of the
24:31 - 24:34

hosts and information specific to the
24:34 - 24:36

bit torran um
24:36 - 24:39

app we can see here uh not important for
24:39 - 24:40

this time but what we can see is that
24:40 - 24:41

there's a number of hosts that have been
24:41 - 24:43

using bit torrent and accidentally
24:43 - 24:44

downloaded some
24:44 - 24:46

malware um but from the dashboarding
24:46 - 24:47

point of view we can see the different
24:47 - 24:50

sort of panels and formatting options
24:50 - 24:52

and the different ways to add different
24:52 - 24:55

filters um and how to populate those
24:55 - 24:57

filters by using the drill down
24:57 - 24:59

actions next one I wanted to take a look
24:59 - 25:02

at is under the advanced uh threats Tab
25:02 - 25:04

and network
25:04 - 25:07

anomalies this panel uh down at the
25:07 - 25:08

bottom is one of my favorite panels that
25:08 - 25:11

I get to show off because it
25:11 - 25:14

shows as it
25:14 - 25:17

loads access anomalies rather because it
25:17 - 25:19

shows uh one of the real powers of
25:19 - 25:22

Splunk it's taking information from
25:22 - 25:24

disperate data sources and giving you
25:24 - 25:25

conclusions that you might not have been
25:25 - 25:28

able to find if you were um operating in
25:28 - 25:31

data signers so here we have
25:31 - 25:34

geographically improbable
25:34 - 25:38

access um we can see here that the user
25:38 - 25:41

eford was in the city of gizer in Egypt
25:41 - 25:44

and then a very short time later he was
25:44 - 25:47

in Japan um just for a bit of
25:47 - 25:49

information a bit of fun you can see
25:49 - 25:50

there the speed at which he may have had
25:50 - 25:53

to travel to to make that condition true
25:53 - 25:55

he'd have to have moved around the world
25:55 - 25:59

at uh 1,281 miles hour and
25:59 - 26:01

Splunk is flagging up that it's very
26:01 - 26:03

improbable that this one guy is in these
26:03 - 26:07

two places at such close um period of
26:07 - 26:09

time and what I said about bringing data
26:09 - 26:11

together and not keeping it in silos so
26:11 - 26:13

in one um data repository you have the
26:13 - 26:17

fact that efield has logged in uh and in
26:17 - 26:18

another data C you have geographic
26:18 - 26:20

information and you stick those two
26:20 - 26:22

together and you can see here that this
26:22 - 26:25

guy is probably not withen around the
26:25 - 26:29

world like Superman and you may have uh
26:29 - 26:33

the indications of a compromise of this
26:36 - 26:38

account um that's all I wanted to show
26:38 - 26:41

in in the infos SEC application so we'll
26:41 - 26:45

go back to the PowerPoint
26:45 - 26:48

um so last thing I wanted to speak about
26:48 - 26:50

is the upcoming events um sum food are
26:50 - 26:52

always running workshops and events if
26:52 - 26:54

you want to find out what's coming up uh
26:54 - 26:56

navigate over to the website and have a
26:56 - 27:00

look um suit associates.com SL events
27:00 - 27:01

and we can see here the specific Splunk
27:01 - 27:04

events but we do do um events and other
27:04 - 27:07

Technologies too uh check out all the
27:07 - 27:08

upcoming webinars and workshops that
27:08 - 27:09

we're
27:09 - 27:11

hosting and if you want to join uh just
27:11 - 27:12

click on the register button and
27:12 - 27:14

sometimes you even get a little uh
27:14 - 27:16

goodies if you
27:16 - 27:19

join if you have any questions please
27:19 - 27:21

feel free to uh email info suf
27:21 - 27:23

associates.com that's questions about
27:23 - 27:26

Splunk or dashboarding specifically but
27:26 - 27:28

also any wider questions about sumed and
27:28 - 27:30

spun in
27:30 - 27:32

general thank you for attending this
27:32 - 27:35

webinar uh it's been a pleasure to speak
27:35 - 27:36

to you about dashboarding hopefully you
27:36 - 27:41

learn something and uh for now
27:41 - 27:44

goodbye

Title:: How to Create Advanced Splunk Dashboards, Panels and Reports — Creating Management-Ready Dashboards
Description:: more » « less
Video Language:: English
Duration:: 27:42

	OEVIDEOS edited English subtitles for How to Create Advanced Splunk Dashboards, Panels and Reports — Creating Management-Ready Dashboards
	OEVIDEOS edited English subtitles for How to Create Advanced Splunk Dashboards, Panels and Reports — Creating Management-Ready Dashboards
	OEVIDEOS edited English subtitles for How to Create Advanced Splunk Dashboards, Panels and Reports — Creating Management-Ready Dashboards
	OEVIDEOS edited English subtitles for How to Create Advanced Splunk Dashboards, Panels and Reports — Creating Management-Ready Dashboards

English subtitles

Revisions Compare revisions

Revision 4 Edited

OEVIDEOS
Revision 3 Edited

OEVIDEOS
Revision 2 Edited

OEVIDEOS
Revision 1 Uploaded

OEVIDEOS

	Revision Number	Author	Created
	4	OEVIDEOS
	3	OEVIDEOS
	2	OEVIDEOS
	1	OEVIDEOS

How to Create Advanced Splunk Dashboards, Panels and Reports — Creating Management-Ready Dashboards

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)