Using wizards to build dashboards
Using some of the queries from previous chapters, let's make an operational dashboard for errors occurring in our infrastructure. We will start by making a query (note that this query relies on the loglevel fields we created in Chapter 3, Tables, Charts, and Fields):
sourcetype="impl_splunk_gen" loglevel=error | timechart count as "Error count" by network
This will produce a graph like this one:
To add this to a dashboard, we perform the following steps:
Choose Create | Dashboard panel….
This opens a wizard interface that guides you through saving the query, adding it to a dashboard, and then scheduling the search. First, we name the search.
Note
As you create more dashboards, you will end up creating a lot of searches. A naming convention will help you keep track of what search belongs to what dashboard. Here is one possible approach:
Dashboard – [dashboard name] – [search name and panel type]. When the number of dashboards and searches becomes large, apps can...
