Advanced Visualizations in Splunk
Create and customize impactful visualizations & dashboards in Splunk
Splunk is the most popular operational data intelligence platform. Organizations use Splunk to collect, parse and index petabyte-scale machine data. Splunk is used in IT operations, business analytics and SIEM (security information and event management). It provides a versatile query language (Search Processing Language, or SPL) and a rich set of visualizations that help users make sense of their machine data in numerous ways.
While Splunk provides numerous pre-built visualizations, customizing them to suit your needs can be challenging. Further, in order to add interactivity and dynamic drill-down features to Splunk dashboards, one must understand Splunk's Simple XML code. In this course, I'll walk you through the various customization options and explain how to write Splunk Simple XML code. I'll provide plenty of examples through demos to reinforce the concepts you will learn.
What you'll learn and how you can apply it
By the end of this live, hands-on, online course, you’ll understand:
- Splunk’s visualization customization options
- Splunk's Simple XML syntax and use
- Factors affecting dashboard performance
- Splunk tokens and how to make use of them to add interactivity
And you’ll be able to:
- Customize Splunk visualizations. For example, override the default color scheme of a chart.
- Create forms to get user input using drop-downs and check boxes.
- Enable dynamic drill-down in your dashboards.
- Use event handlers in dashboards. For example, make a panel appear or disappear.
- Significantly reduce the dashboard load time.
This training course is for you because...
- You are a DevOps engineer trying to implement monitoring and automation
- You are a Security professional trying to use Splunk for threat hunting and incident response
- You are a business user trying to create reports and dashboards
- You are a software developer/architect trying to make use of Splunk for log aggregation and reporting.
- Basic knowledge of Splunk and SPL
- Basic understanding of the data you are trying to analyze
- You need to have at least user-level access to your organization's Splunk environment. (Power user access recommended.)
- If you do not have access to a Splunk environment, obtain a free Splunk Cloud trial (valid for 15 days from the date of registration): https://www.splunk.com/en_us/campaigns/splunk-cloud-trial.html, or install the Splunk Enterprise trial on your PC/Mac.
- Beginning Splunk (Live Online Training, search the O’Reilly Learning Platform for an upcoming date)
- Creating Knowledge Objects in Splunk (Live Online Training, search the O’Reilly Learning Platform for an upcoming date)
About your instructor
Karun is an IT operations expert focusing on modernizing monitoring and observability. With over 20 years of experience, Karun has helped numerous companies transform their IT operations ecosystem. His areas of expertise include log aggregation, time series databases, cloud infrastructure and machine data analytics. He is a Splunk Certified Architect.
The timeframes are only estimates and may vary according to how the class is progressing.
Segment 1: Splunk SPL primer (25 minutes)
- Splunk platform basics
- Anatomy of a search
- Using fields
- Transforming search commands
Segment 2: Creating Dashboards (35 minutes)
- Creating a basic dashboard
- Adding Panels
- Introduction to input controls
- Editing simple XML
Break – 10 minutes
Segment 3: Forms and Input Controls (50 minutes)
- Introducing Drop down menu – 15 minutes
- Using dynamic options in drop down menu – 15 minutes
- Text boxes, Check boxes and multiselect – 15 minutes
Break – 10 minutes
Segment 4: Advanced customization (55 minutes)
- Customize chart colors
- Configure drilldown
- Configure event handlers
- Hide or Display panels
Break – 10 minutes
Segment 5: Improving Performance of Dashboards (30 minutes)
- Using Base Searches
- Using scheduled reports
- Accelerate reports
- Accelerate data models
Course wrap-up and next steps