Getting started with Splunk

11. Building Dashboard Inputs - Time Range Picker

Hey everyone, and welcome back. Now in the previous video, we were discussing the basics of dashboards and panels, where we had created a dashboard called the access log dashboard. And we had a pie chart and a columnchart here, and we also had a nice little dark theme, typically if you look into the dashboard. So I currently have the Splunk AWS app installed. Now, within this AWS app, there are a lot of different types of panels. You have a geolocation base. Along with that, you also have inputs here. So one of the inputs that you see is the time range, where if you want to see the data from the last seven days, you might also want to see the data from the last 24 hours. So you see, after you change from seven days to twenty-four hours, everything gets refreshed. Let's try it out once again. Let's say 30 days. So you see, now everything is getting refreshed. So the time range is one of the aspects which is very important. And the same goes with the dashboards over here. Now, since we have top-category products, it is important for management to see what the top-category products are from the last 24 hours, maybe the last seven days, last 30 days. So this is why having a time rangepicker is important for the dashboards that you design. And in today's video, we will be looking into how we can create a time range speaker. Now, in order to do that, what you have to do is you'll need to go to the edit button and you'll have various panels over here. Now in the panels you have various things like cluster, map, filter, gotch piechart, area chart, column chart. So this is something that you can either add it here or you can create a SPL query and add it from the splunk search. A panel is something that we are not interested in because we already have it here. So we are interested in input. Now, there are various inputs which are present. Over here you have text input, a drop down checkbox, and one among them is time. So we will design a time range that is something similar to what you see in the AWS app. So we'll go to input. We'll select time. Now, within here, you see you already have a time preset. So these are the built-in presets that you can use. And what you can do here, you need to go to edit. Within the edit, you now have the option to What is the default value? So the default value is 24 hours. Now, the same goes with the splunk cap for AWS. Let's go to a spelling bee for a year. And you see, by default, the timerange is taking up seven days. So this is the default value that is associated with the time range picker. Now, you can put in 24 hours or you can put in something that is according to what you intend to do, and you can click on search to change the search engine. Essentially, just as when changing from 24 hours to all time, when changing from seven days to 30 days, all dashboards are refreshed. So this is what we intend to do and you can click on apply and you can click on save here. So now you have the time range picker. Now, if I try and change from 24 hours to 4 hours, you will see it is not really affecting anything. Now the reason why it is not affecting anything is because this is just an individual time range speaker. It is not connected to the dashboards that you have. So basically, all the dashboards that you have over here need to be connected to the time range pickup that you have created within your dashboard. And this is very important. So we need to edit this dashboard so that they can be connected to the time range pickup. So we'll return to edit here to the time range speaker. Let's click on edit, and there is a field called a token. And let's say that I'll say Pimin and the default timing is 24 hours and I'll click on save. So once I've applied it, the next thing that you need to do is click on edit search and the time range is used in the time picker. Instead of that, we'll use the shared time picker. We've given the token value of timing here. So we'll select this and we'll click on apply, and the same goes with the second dashboard. We'll click on "edit search." We'll select the time range as the shared time picker timing. We'll click on "Apply" and we'll click on "Save." Perfect. So now you have clicked on save. You see, now the search is really waiting for input. It does not really find any data from the last 30 days. So what we'll do is change from the last 30 days to all time and you'll see it's still not present over here. So what you basically need to do is just do a refresh once. And now if you go to alltime, you see the dashboards are appearing. Now if you go back to the last 24 hours, the dashboards went away because there was no real data in the last 24 hours. So this is what the time range speaker is all about. Now just to make something similar to this, you will see you have a time range over here. It is becoming easier for people to understand what this is. So if you want to add it over here, you can quickly do that. You can click on edit, and in the label you can set a time range and click on apply. And now if you do a sale, you have a time range over here. Now one more aspect that I wanted to show you is that you can also include a submit button. So the submit button is something that you can see, input, and you can click on submit. So this is something that you might have seen many times in your splunk. So basically, what you might want is that you do not want it. If someone clicks here, it should automatically do it. So this is where the submit button really comes into the picture. And maybe, depending upon how you would like to design, you can add a submit button here. Now, just in case, if you will see,let me quickly do an edit. I'll say search on change. I'll deselect this, I'll click on apply, and I'll do a search. So. If I spend all my time here, you will see that there are no changes that you find in the dashboard. So once I do a submit, then you see everything comes on the dashboard. So this is the importance of the submit button quite helpful.It really depends on how you like your dashboards to be. So, this is it for today's video. I hope you understood the basics of time, range, and speaker, and how important they are typically in the dashboards that you design. So with this, we'll conclude this video. I hope this has been informative for you and I look forward to seeing you in the next video.

12. Building Dashboard Inputs - Text Box

Hey everyone, and welcome back. In the earlier video, we were discussing how we could add this time range picker within a dashboard. So we'll continue with the series and we will look into how we can make our dashboard much more productive. Now, typically, if you look into the AWSdashboard, there is a time range picker and there is also various text box like functionality. So basically, let's say that you have ten AWS accounts here. It will give you a summary of all the ten AWS accounts. However, if you only want information related to one specific AWS account, you can add the AWS account here and then within the dashboards over here, you will only see information related to that. And basically, this is the functionality that we want to add over here. Now, in order to do that, we'll add one more panel to our dashboard. So let's do it every time, and this time we'll use the table. We'll say client IP and product ID. We'll just press enter. And now you see there are a lot of client IPS and product IDs, like client IP addresses are visiting which product ID. So now I will go ahead and do a save. I will put it on the dashboard panel. The Dashboard is existing and the panel title is Client IP and Product ID Mapping. Okay, so this is a product IPmapper and I'll click on Save. Perfect. So now that you have added, let's do a quick refresh. And currently, you see, there are a lot of IPaddresses and the product ID that they are visiting. Now within this, you see that there are a lot of IP addresses that you will find over here. Now one of the main things that management wants to look into, say, is that management wants to have a box here where they can put the IP address and they want to see the list of product ideas that they are visiting. So, in order to achieve that kind of functionality, we need to add a text box. So let's click on Edit. So now we'll go ahead and add a new input. We'll put in a text box. So we'll select Edit. I'll say source IP and the token value as source IPR. So we'll have the same thing. We'll click "Apply" and now you can click "Save." So now you have the Source IP field over here. Now the use cases will select the source IP here. And what we want is anytime someone puts a source IP address, they should be able to see the list of product IDs within the dashboard just for the specific source IP that they put over here. We already discussed that we have added a token, but the token needs to be integrated with various panels that we have. So that integration part needs to be done. So in order for that to happen, One important aspect to remember here is that this is the value that you put over here. That value will be the variable. So it can be any IP address over here, right? So people can put any IP address over here. So this specific value will be a variable one. And this is the reason why you will have to put a variable within your search aspect which is associated with the dashboard. So in order to do that, we can click on Edit. And if you edit the search, this is the search string. So what you have to do is here you have to replace this client IP with a variable which is the source IP. So this source IP variable basically comes from the text box here. So this is how it would actually work. Now we'll do a reply and we'll do a save. So now we already know that we'll have to quickly do a refresh. And within the source IP, I'll put the source IP and I'll press Enter. So, as you can see, I'm starting to get the IP address that we entered in this column. Now, in case you want to try it out with a few more, let's just select one random IP and I'll paste it here. Now, as soon as I paste it,I'll have to click on Submit. And once I click on Submit, now you see,it basically tells me the IP address and associated product ID that has been visited. So this is the importance of the textbooks. It really has become quite important for various kinds of use cases. And I hope this video has been informative for you. And again, I really encourage every one of you to try this out within your demos so that it becomes easier for us to master the visualisation aspect as well. So with this, we will conclude this video. I hope this has been informative and I look forward to seeing your next video.

13. Building Dashboard Inputs - Drop down

Hey everyone, and welcome back. Now we'll continue our discussion of dashboards and panels. Today yet again, we'll learn about one more input which is available within the dashboards, which is the dropdown. If you look into the Splunk app now within the regions, you'll see that you have a drop down here. Basically, in AWS, if you have worked, there are a lot of regions and each region can have a different set of compute instances and a different set of ALB. So if you just want to see what the infrastructure present in the Mumbai region is, So you can just select the Mumbai region and you'll see all the data within the Mumbai region. So similar to that, basically what we want is currently happening is that we are getting the IP address. So this part is working perfectly, but we want to see a lot of other things except product ID. So it might be that management wants to see what the other things that are happening other than the product ID. So those aspects are something that we can reduce. So let's do one thing. So within the search column we have an aspect of, say, status. When I press Enter, you see I get the status. So when a customer with this IP 198, 35, 175, tried to access this product ID, it got a 404 status. Some have gotten 200 status. So it might happen that, depending upon whether the website is working or not, the status will depend on whether the customer got a successful response. The HTTP status will change. So what we want is through the option we want that management should be able to see the status if it is required or not. Or you can say that if you put something like an asterisk here, let's try an asterisk. And if you press Enter, you will see that you now have all the information related to a specific request. So let's make a use case in such a way that by default you'll only have these two fields. However, management will have an option to select a drop down where they'll be able to see all the fields if they intend to. So that is something that can come from the dropdown. So what we'll do is select edit and within the ad input, I'll select the dropdown here. So this is the dropdown. Let me just rename the field as "drop down" so that we can easily search and change it. And the token, let's have the same name token, which is Dropdown. And basically, here you will have to have a static option. So I'll say all the fields and I'll say Astrid. So this is the drop down here, and let's click on Apply. Perfect. Now what you might want to do is you'll have to edit here. You will have to edit a search. Let's add one more column, say "Drop down." So you have a drop down here and we'll click on Apply and we'll click on Save. Perfect. So now you have a drop down here. So I guess we missed one part. We forgot to add this as a proper variable. So you need to make it a proper variable. Let's click on "apply" and let's save. So once done, let's quickly do a refresh. And now you can see all the fields related to this specific IP address within field one. Now you can make it much more granular. So let's quickly do an edit and we'll edit the drop down here and within here we'll add a new say. I want to see the status quo and the value here would be status. So basically, I want to see whether this request was successful or whether the client got a 404 or 500 error. Now we can go ahead and click on apply and I'll doa save, then we'll again quickly refresh our page. Once the page is refreshed, you have two options. One is all fields and the status quo. I want to just see the status quo. Now you will see that I'm just getting the status which is associated with the product ID. So this is the benefit of dropping down. Again, there can be a lot of usecases where drop down will be beneficial. This is one of the examples. A second example that we already saw is that if someone wants to look into the resources for a specific region, this drop down will be useful for them. So this is it. In this video, I hope you understood the meaning of drop down and the use cases where drop down can be used, so this is it. I hope this has been informative for you and I look forward to seeing you in the next video.

14. Building Dashboard Inputs - Dynamic DropDown

Hey everyone, and welcome back. Now, in today's video, we will be looking into the dynamic ability of the drop-down menu. Now, in order to understand that,let's take a use case. So, within a dropdown, we had allfields and only a status quo. So now, now what we want is a functionality in such a way that any person or analyst, if he wants to just analyse one feed, saycategory ID, or he wants to analyse an action, should be able to select that field from the dropdown menu, and he should be able to analyse that. Now, one of the ways in which you can do that is basically, you can add each individual field here and create that variable. Now again, that part is really time-consuming, and it's not really the ideal way. So if you're lazy like me and want to do things in an automated way, you can make use of the dynamic aspect of your dropdown. So basically, if you click on Edit here and you go a bit down, there are two options here. One is static options, and the second is dynamic options. So-called static options are the ones where you statically define each and every field name and its associated value. Now the dynamic option is where your drop down menu can automatically extract things from your data. So let's look into how exactly it would work. So far, I've written a simplesearch that extracts individual field names from our combined source access. So this will basically give you the individual feeling. As you see, there are so many fields which are present here. If you keep on adding this field within the static options,it will take a huge amount of time. So what we'll do is we'll make this dynamic. So in order to do that, I'll copy the search and I'll pace the search string here. All right. Now, within the field label, let's say the label isall and within the field for value, what we basically need is this specific field name. So here is everything. All the names of the fields are present within a table called the "column." So you will have to specify the column here. Once you do that, click on Apply. You can also click on Save. And now you see that all the data that is present within the column is automatically appearing. Now you can click on one of them. Your table will automatically get refreshed depending on what the things that you select. This is something for lazy people, I would say. It really makes things much simpler,much faster and definitely the most ideal way of doing things. So this is it. About this video: I hope this has been informative for you and I look forward to seeing the next video.

ExamSnap's Splunk SPLK-2002 Practice Test Questions and Exam Dumps, study guide, and video training course are complicated in premium bundle. The Exam Updated are monitored by Industry Leading IT Trainers with over 15 years of experience, Splunk SPLK-2002 Exam Dumps and Practice Test Questions cover all the Exam Objectives to make sure you pass your exam easily.