
Dynamic Dashboards 9.1 Slides

This document provides an overview of a course on creating dynamic dashboards in Splunk. The course objectives are to learn how to use tokens to create dynamic inputs, cascading inputs, dynamic drilldowns, and dynamic visualizations. The course outline covers using tokens, adding dynamic inputs, using drilldowns, and creating dynamic visualizations. The first topic is on using tokens, including predefined tokens from searches, the environment, and visualizations.

Uploaded by

ronaldo.panuelos

Dynamic Dashboards

Dynamic Dashboards • 28 September 2023


© 2023 SPLUNK INC.

Before Taking This Course


• To be successful, students must have a working understanding
of these courses:
– Intro to Splunk
– Introduction to Dashboards


Course Objectives
• Define token syntax
• Create user inputs
• Create dynamic inputs
• Build cascading inputs
• Create a dynamic drilldown
• Set tokens
• Use dynamic coloring


Course Outline
• Using Tokens
• Adding Inputs
• Using Drilldowns
• Dynamic Visualizations


Topic 1: Using Tokens


Topic Objectives
• Define dashboard token syntax
• Describe types of predefined tokens
• Use token filters


Dashboard Tokens
• Syntax
– Use $...$ delimiters to access the value of a token
• Types
– User defined
– Predefined
▪ Search, environment, inputs, drilldowns, maps, and visualizations
– Default token

    index=cafegames sourcetype=access_combined_cg host=$myTok$ status>300
    | timechart count by host


Predefined Tokens – Search


• Set tokens from search job metadata or search results
– Embed search-related information in other searches or visualizations

Search Results
$search name:result.<field_name>$        Returns the first value for the specified field name from the first result in the search.

Search Job Metadata
$search name:job.done$                   Is the job done? True or false.
$search name:job.failed$                 Did the job fail? True or false.
$search name:job.hasResults$             Did the search return results? True or false.
$search name:job.inProgress$             Is the job in progress? True or false.
$search name:job.isRealTimeSearch$       Does the job use a real time search? True or false.
$search name:job.lastUpdated$            Returns a timestamp of the last update.
$search name:job.messages$               List of error and debug messages.
$search name:job.percentComplete$        The job's percentage of completeness. Numerical value.
$search name:job.queued$                 Is the job queued? True or false.
$search name:job.resultCount$            Number of results returned. Returns an integer.
$search name:job.sid$                    Returns the search job ID.
$search name:job.startTime$              Time a search job started. Returns date and time.
$search name:job.status$                 What is the status? Done, queued, in progress, or failed.
$search name:result.<field>$             Returns the first result for the specified field.


Predefined Tokens – Search Example 1


• Search job metadata
– Search job status
▪ Syntax: $Search Name:job.status$
▪ Returns: queued, inProgress, done, or failed
Example: Add Search Job Status to a panel Description


Predefined Tokens – Search Example 2


• Search results
– Syntax: $Search Name:result.<field>$
– Returns: first value from the first result of the named field

Example: Add Score Leader and Top Score to Panel


Predefined Tokens – Environment Example


• Capture user details and Splunk platform instance and embed on dashboards:
– Titles, labels, or text
– Search queries
• Can read environment token data but not write environment token data

1. $env:user$             Current user's username: supportuser
2. $env:user_realname$    Current user's full name: Administrator
3. $env:user_email$       Current user's email address: [email protected]
4. $env:app$              Current app context: dynamic_dash
5. $env:locale$           Current locale: en-US
6. $env:page$             Current open page: environment_token_example
7. $env:product$          Current instance's product type: enterprise
8. $env:version$          Current instance's product version: 9.0.0
9. $env:is_cloud$         Current instance is Splunk Cloud: $env:is_cloud$
10. $env:is_enterprise$   Current instance is Splunk Enterprise: true
11. $env:is_lite_free$    Current instance is using a Splunk Light free license: $env:is_lite_free$
12. $env:is_free$         Current instance is using a Splunk Enterprise free license: $env:is_free$

These tokens are set only if 'true'


Predefined Tokens – Visualizations


• Set tokens and capture values from a visualization click
• Use the token elsewhere in the dashboard
• Three predefined tokens:
– name
– value
– row.<fieldname>.value
• Captured values vary according to visualization type

Example: Set a token to capture the HTTP Request Method


Default Token
Used when there is no other token value
• Clicking on chart A sets the token errorTok with a value for the field log_level
• Chart B consumes the value of errorTok in its search:

    index=_internal sourcetype=splunkd log_level=$errorTok$
    | stats count by log_level component | sort -count

• The default value for errorTok, the wildcard asterisk (*), is stored as text in the dashboard source code, in the defaults section:

    ...
    "defaults": {
        "dataSources": {
            "ds.search": {
                "options": {
                    "queryParameters": {
                        "latest": "$global_time.latest$",
                        "earliest": "$global_time.earliest$"
                    }
                }
            }
        },
        "tokens": {
            "defaults": {
                "errorTok": {
                    "value": "*"
                }
            }
        }
    },
    ...


Token Filters
Token filters ensure that you correctly capture a token’s value

Token Filter        Description
$token_name|s$      Wrap value in quotes
$token_name|h$      Escape any HTML in value
$token_name|u$      Encode URL values
$token_name|n$      No encode
$$token_name$$      Escape the $ token delimiter character


Lab Exercise 1 – Using Tokens


• Description: Create a
dashboard, add a chart,
and search token.
• Duration: 15 minutes
• Tasks:
– Create a dashboard
– Add markdown text
– Add a chart
– Add predefined tokens


Topic 2: Adding Inputs


Topic Objectives
• Name the types of inputs
• Create a dynamic input
• Create cascading inputs


Inputs
• Types: dropdown, multiselect, text,
number, and time range
• Input tokens
– Automatically generated
– Customizable
• Visualization editor
– Customize token name
– Add static values
– Specify default values
– Define the data source
• Source editor
– Configure when input values populate:
Page load, input change, Submit button clicked


Adding Inputs
• Using the visual editor:
– Source code automatically created
• Using the source editor:
– Input ID must begin with input_
– You must add it in two places in the dashboard definition
1▪ Define the input stanza in the dashboard definition inputs section
2▪ List the input unique ID in the globalInputs area of the layout section

    ...
    "inputs": {
        "input_global_trp": {
            "type": "input.timerange",
            "options": {
                "token": "global_time",
                "defaultValue": "-24h@h,now"
            },
            "title": "Select a time range:"
        },
        "input_MTVk7TGo": {
            "options": {
                "defaultValue": "*",
                "token": "textToken"
            },
            "title": "Name of game:",
            "type": "input.text"
        }
    ...
    "layout": {
        "type": "absolute",
        "options": {
            "width": 1440,
            "height": 960
        },
        "globalInputs": [
            "input_global_trp",
            "input_MTVk7TGo"
        ]
    },
    "description": "",
    "title": "Input - Example"
    }


Time Range Input Example


• Automatically added to every new dashboard
• Can have more than one
• Can customize token name
• Time token is consumed as two tokens
– .earliest and .latest are automatically appended
– Automatically added to the defaults section
• Works with inline and base & chain searches

    {
        "inputs": {
            "input_gvp3I0QZ": {
                "options": {
                    "defaultValue": "-24h@h,now",
                    "token": "timeTok"
                },
                "title": "Select a time:",
                "type": "input.timerange"
            }
        },
        "dataSources": {
            "ds_search_1": {
                "type": "ds.search",
                "options": {
                    "query": "index=cafegames sourcetype=access_combined_cg | timechart count",
                    "queryParameters": {
                        "earliest": "$timeTok.earliest$",
                        "latest": "$timeTok.latest$"
                    }
                },
                "name": "Search1"
            }
        },
        ...
        "defaults": {
            "dataSources": {
                "ds.search": {
                    "options": {
                        "queryParameters": {
                            "latest": "$global_time.latest$",
                            "earliest": "$global_time.earliest$"
                        }
                    }
                }
            }
            ...
        },

Slide callouts:
– inputs stanza: Customized Configuration; token set by the time range input
– ds_search_1 queryParameters: time tokens consumed by this search
– defaults section: default time tokens available to all dashboard searches


Text Input Example


• Enter any number or string to the input
• In the search, use $ as a delimiter and optionally, a token filter

    {
        "dataSources": {
            "ds_search_1": {
                "type": "ds.search",
                "options": {
                    "query": "index=\"cafegames\" product_name=$prodTok|s$ | timechart count by product_name useother=f"
                },
                "name": "Cafe Game Sales"
            }
        },
        "inputs": {
            "input_ta9O6WDq": {
                "type": "input.text",
                "title": "Enter product name:",
                "options": {
                    "token": "prodTok",
                    "defaultValue": "*"
                }
            }
        },
        ...
        "layout": {
            "globalInputs": [
                "input_global_trp",
                "input_ta9O6WDq"
            ]
        },
        "title": "Text Input Example",
        ...


Number Input Example


• Ensures users only enter numbers
• Supports decimals and negative numbers
• Useful when passing a token to a search
that requires a numerical argument
• Available options:
– defaultValue
– token
– min: minimum number available
– max: maximum number available
– step: interval for the up / down arrow


Dropdown Menu Input


Static Value Example
• Populate dropdown inputs using
static values or dynamically with
search results
– Up to 1,000 items in the menu
• Requires defining key/value pairs
– Label appears in the menu
– Value is passed as the token


Dropdown Menu Input – Dynamic Example


1– Create a scheduled search that outputs a lookup (optional)
2– Add the input to the dashboard
3– Customize title, token, and static options (optional)
4– Use a lookup or ad-hoc search
5– Select the label and value fields

index=cafegames product_name="*"
| dedup product_name
| table product_name
| sort product_name
| outputlookup bcg_products


Multiselect Input Static Value Example

• Select multiple options from a menu


• Populate input using static values or
dynamically with search results
– Up to 1,000 items in the menu
• Only a comma delimiter is supported
– Use the IN operator and format your
queries appropriately

    index=cafegames sourcetype=access_combined_cg product_name IN ($prodTok|s$)
    | timechart count by product_name


Multiselect Input – Dynamic Example


1– Create a scheduled search that outputs a lookup (optional)
2– Add the input to the dashboard
3– Customize the title and token and static options (optional)
4– Use the lookup search or an ad-hoc search
5– Select the label and value fields

index=cafegames product_name="*"
| dedup product_name
| table product_name
| sort product_name
| outputlookup bcg_products


Submit Button
• Click to refresh a dashboard after making input selections
– Requires adding the submitButton property to options in the layout section
• Boolean settings
– true: Submit button click required for an input selection to take effect
– false or not specified: refreshes when input selection is made
• Input default values determine whether visualization displays on initial dashboard load

    ...
    "layout": {
        "type": "absolute",
        "options": {
            "submitButton": true,
            "height": 250
            ...
        },


Cascading Inputs
• One input sets values for another input
• To each input search, add the other input tokens
– For example, in a three-input cascade:
▪ Input1 search: add token2 and token3
▪ Input2 search: add token1 and token3
▪ Input3 search: add token1 and token2

Input1 Search

    | inputlookup myLookup
    | search field2=$token2$ field3=$token3$
    | dedup field1 | fields field1 | sort field1

Input2 Search

    | inputlookup myLookup
    | search field1=$token1$ field3=$token3$
    | dedup field2 | fields field2 | sort field2

Input3 Search

    | inputlookup myLookup
    | search field1=$token1$ field2=$token2$
    | dedup field3 | fields field3 | sort field3


Cascading Inputs – Example


Country Input Search

    | inputlookup bcg_vendors
    | search VendorStateProvince=$vStateTok|s$ VendorCity=$vCityTok|s$
    | dedup VendorCountry | fields VendorCountry | sort VendorCountry

State/Province Input Search

    | inputlookup bcg_vendors
    | search VendorCountry=$vCountryTok|s$ VendorCity=$vCityTok|s$
    | dedup VendorStateProvince | fields VendorStateProvince | sort VendorStateProvince

City Input Search

    | inputlookup bcg_vendors
    | search VendorCountry=$vCountryTok|s$ VendorStateProvince=$vStateTok|s$
    | dedup VendorCity | fields VendorCity | sort Vendor

The table search consumes all three tokens


index=sales sourcetype=vendor_sales VendorCountry=$vCountryTok$ VendorStateProvince=$vStateTok$ VendorCity=$vCityTok$
| stats sparkline(count) as Trend values(Vendor) as Vendor values(product_name) as GamesSold by VendorCountry
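
The Text Input Example quotes its token with $prodTok|s$, while the table search above consumes $vCountryTok$, $vStateTok$ and $vCityTok$ bare, so whatever the input supplies is substituted into the SPL as raw search text. The following check is an added example (not Splunk's or the course's code) that scans a dashboard definition for input tokens used in a query without the |s filter and, following the Adding Inputs slide, for inputs that are not listed in globalInputs. The sample definition, the input_country ID and all function names are constructed for illustration.

```python
import json
import re

# Constructed sample definition, modelled on the slides' text-input and
# cascading-input examples (not a real exported dashboard).
SAMPLE_DEFINITION = r'''
{
  "dataSources": {
    "ds_search_1": {
      "type": "ds.search",
      "options": {
        "query": "index=\"cafegames\" product_name=$prodTok|s$ | timechart count by product_name useother=f",
        "queryParameters": {"earliest": "$global_time.earliest$", "latest": "$global_time.latest$"}
      },
      "name": "Cafe Game Sales"
    },
    "ds_search_2": {
      "type": "ds.search",
      "options": {
        "query": "index=sales sourcetype=vendor_sales VendorCountry=$vCountryTok$ | stats count by VendorCountry"
      },
      "name": "Vendor Sales"
    }
  },
  "inputs": {
    "input_global_trp": {"type": "input.timerange", "options": {"token": "global_time", "defaultValue": "-24h@h,now"}},
    "input_ta9O6WDq": {"type": "input.text", "options": {"token": "prodTok", "defaultValue": "*"}},
    "input_country": {"type": "input.dropdown", "options": {"token": "vCountryTok", "defaultValue": "*"}}
  },
  "layout": {"globalInputs": ["input_global_trp", "input_ta9O6WDq"]},
  "title": "Constructed lint sample"
}
'''

# "$$" is the escaped delimiter; otherwise match $name$ or $name|filter$.
TOKEN_RE = re.compile(r"\$\$|\$([A-Za-z0-9_.:]+)(?:\|(\w+))?\$")

# Assumption of this example: these input types can carry free text (spaces,
# quotes, pipes). Number and time range inputs are left out of the check.
STRING_INPUT_TYPES = {"input.text", "input.dropdown", "input.multiselect"}


def input_tokens(definition):
    """Map token name -> (input id, input type) for every defined input."""
    tokens = {}
    for input_id, spec in definition.get("inputs", {}).items():
        token = spec.get("options", {}).get("token")
        if token:
            tokens[token] = (input_id, spec.get("type", ""))
    return tokens


def unquoted_token_uses(definition):
    """Return (data source id, token, filter, input id) for each string-input
    token that a search query consumes without the |s filter."""
    tokens = input_tokens(definition)
    findings = []
    for ds_id, ds in definition.get("dataSources", {}).items():
        query = ds.get("options", {}).get("query", "")
        for match in TOKEN_RE.finditer(query):
            name, token_filter = match.group(1), match.group(2)
            if name is None:  # matched the "$$" escape, not a token
                continue
            input_id, input_type = tokens.get(name, (None, None))
            if input_type in STRING_INPUT_TYPES and token_filter != "s":
                findings.append((ds_id, name, token_filter, input_id))
    return findings


def inputs_missing_from_layout(definition):
    """Inputs that break the slide's rules: the ID must begin with input_
    and must be listed in the layout's globalInputs."""
    listed = set(definition.get("layout", {}).get("globalInputs", []))
    return sorted(
        input_id for input_id in definition.get("inputs", {})
        if input_id not in listed or not input_id.startswith("input_")
    )


def lint(definition_text):
    """Run both checks over a dashboard definition given as JSON text."""
    definition = json.loads(definition_text)
    return {
        "unquoted": unquoted_token_uses(definition),
        "not_in_layout": inputs_missing_from_layout(definition),
    }


if __name__ == "__main__":
    report = lint(SAMPLE_DEFINITION)
    for ds_id, token, token_filter, input_id in report["unquoted"]:
        print(f"{ds_id}: ${token}$ from {input_id} is used without |s")
    for input_id in report["not_in_layout"]:
        print(f"{input_id}: not listed in globalInputs or bad ID prefix")
```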


Lab Exercise 2 – Create Cascading Inputs


Description: Create a dashboard,
add dropdown inputs, and make
the inputs cascade.
Duration: 25 minutes
Tasks:
– Create a dashboard

– Add dropdown menu inputs

– Make inputs cascade

– Add a chart


Topic 3: Adding Drilldowns


Topic Objectives
• Identify types of drilldowns
• Create a dynamic drilldown
• Create a contextual drilldown


Custom Drilldowns

• Dynamic Drilldown
– Link to dashboard
▪ Set tokens
▪ Pass values as tokens from a user click to another dashboard
– Specify a path to a URL
▪ Relative path to a dashboard in another app
▪ Absolute path to an external website
• Contextual Drilldown
– Set tokens
▪ Pass values as tokens from a user click to visualizations on the same dashboard


Custom Drilldowns – Setting Tokens


• Set tokens on a visualization
• Use predefined tokens or a static token value
– name captures the field name of the value or location clicked
– value captures the value of the location clicked
– row.<field_name>.value passes the value clicked
• Use $...$ delimiters in the token value to pass the value of an existing token
– For example, pass the time range using:

Token Name                     Token Value
<timeRangeToken>.earliest      $<timeRangeToken>.earliest$
<timeRangeToken>.latest        $<timeRangeToken>.latest$


Setting Tokens – Example


• Set a token with one visualization
• Use that token in the search used by others


Hiding Elements
• Hide visualizations and inputs based on the existence of search results
• Requires absolute layout
• Available for the following:
– Charts
– Icons
– Shapes
– Dropdown input
– Multiselect input

A dotted outline for the element indicates visibility is determined by data availability


Hiding Elements – Visualization Example


• A click on Visualization 1 sets the $hostTok$ token.
• Visualization 2 is hidden until the $hostTok$ token is set.
• The $hostTok$ token is used by the search that drives Visualization 2.


Hiding Elements – Visualization Example (cont.)


Hide visualization 2 again by having a user click reset the token to the default value


Hiding Elements – Input Example


• My Dropdown Input is hidden until the $hostTok$ token is set by a click on Visualization 1
• Visualization 2 is hidden until a selection from My Dropdown Input sets the $statusTok$ token consumed by Visualization 2.


Dynamic Drilldown – Origin Dashboard


Origin dashboard token options:
• Match these tokens on the destination dashboard
• To these tokens on the origin dashboard


Dynamic Drilldown – Destination Dashboard


• If passing a time input token match their token names on both dashboards
• Can use the source token on destination inputs
• Add the source token to the search used by the visualization on the destination dashboard


Lab Exercise 3 – Create a Dynamic Drilldown


Description: Create a dynamic
drilldown from the Games Played
pie chart to a new form
Duration: 25 minutes
Tasks:
– Create a destination form

– Configure the data source

– Add dropdown inputs

– Clone a dashboard

– Add a drilldown


Topic 4: Dynamic Visualizations


Topic Objectives
• Describe static and dynamic coloring
• Add dynamic coloring to a visualization


Visualization Coloring

• Static: color part of the visualization
– Fill, lines, rows, and more
• Dynamic: use search results to dynamically color visualizations
– Color values by trend, value, and more
– Fill, lines, columns, rows, values, text, and more
– Available for these visualizations:
▪ Icon
▪ Punchcard
▪ Marker Gauge
▪ Table
▪ Shape
▪ Single Value
▪ Single Value Radial
▪ Single Value Icon
▪ Sankey
▪ Choropleth SVG

[Figures: Static Table Header Background Color; Dynamic Row Colors]


Dynamic Coloring – Shape Example


• To enable dynamic coloring:
1– Select the shape
2– Set up the Primary Data Source
3– Select an option in Dynamic Elements
4– Set threshold values and colors
5– Set fill and stroke opacity


Dynamic Coloring – Table Example


• To enable dynamic coloring:
1– Select the table
2– Set up the Primary Data Source
3– Select the column to be dynamically colored


Dynamic Coloring – Table Example (cont.)


4• Click the pencil icon beside the column selected
5• Select text or background of the column to be colored
6• Choose between dark and light colors


Dynamic Coloring – Table Example (cont.)


7• Select a preset palette
– If needed, switch the range order of the colors
8• Specify the range values
– More than seven can be added using the source editor
– If needed, change the range colors


Dynamic Coloring – Single Value


• Single Value and Single Value Radial
– Major value, trend, and background
• Single Value Icon
– Icon, major value, trend, and background
• Set color thresholds for different data ranges
• Single value icon visualizations start with an icon being added to a layout and then linked to a data source

[Figures: Single Value; Single Value Radial; Single Value Icon]


Dynamic Coloring – Single Value Example


• To enable dynamic coloring:
1– Add a single value visualization to an absolute layout
2– Scroll to the Coloring section
3– In the Dynamic elements menu, select which elements should be dynamically colored
4– Adjust the color palettes and ranges or accept the defaults


Dynamic Coloring – Single Value Icon Example


• To enable dynamic coloring:
1– Add an icon to an absolute layout
2– Enable Major value & trend
3– In the Dynamic Elements menu, select which elements should be dynamically colored
4– Adjust the color palettes and ranges or accept the defaults


Dynamic Options Example – Source Editor


    "visualizations": {
        "viz_C8fYK7RH": {
            "type": "splunk.table",
            "options": {
                "columnFormat": {
                    "count": {
                        "data": "> table | seriesByName(\"count\") | formatByType(countColumnFormatEditorConfig)",
                        "rowColors": "> table | seriesByName('count') | pick(countRowColorsEditorConfig)",
                        "rowBackgroundColors": "> table | seriesByName(\"count\") | rangeValue(countRowBackgroundColorsEditorConfig)"
                    }
                }
            },
            "context": {
                "countColumnFormatEditorConfig": {
                    "number": {
                        "thousandSeparated": false,
                        "unitPosition": "after"
                    }
                },
                "countRowColorsEditorConfig": [
                    "#3c444d"
                ],
                "countRowBackgroundColorsEditorConfig": [
                    {
                        "value": "#669922",
                        "to": 10
                    },
                    {
                        "value": "#CBA700",
                        "from": 10,
                        "to": 30
                    },
                    {
                        "value": "#D41F1F",
                        "from": 30
                    }
                ]
            }
        }
        ...

Slide callouts: Column of query results to use; Visualization Formatting; Object Properties; Colors and ranges for each color


Dynamic Options – Source Editor Only


• Some options are only available by editing the source code
• Add these in the options section of your visualization
– Items listed configure the illustrative specifics
– Use dynamic options syntax (DOS) structure

"Config option": "> [data source] | [selector function(s)] | [formatting function]"

– [data source]: Location of your data source, search, or option
– [selector function(s)]: Select the data associated with the visualization.
– [formatting function]: Transform and map the selected data into the desired format

"trendColor": "> trendValue | rangeValue(trendColorEditorConfig)"

"sparklineValues": "> primary | seriesByName('count')"


Dynamic Options – Source Editor Only (cont.)


    ...
    "visualizations": {
        "viz_ZCtqeNe7": {
            "type": "splunk.singlevalue",
            "options": {
                "majorColor": "> majorValue | rangeValue(majorColorEditorConfig)",
                "trendColor": "> trendValue | rangeValue(trendColorEditorConfig)",
                "showSparklineAreaGraph": true,
                "sparklineStrokeColor": "> majorColor"
            },
            "dataSources": {
                "primary": "ds_Hn6PPItg"
            },
            "context": {
                "majorColorEditorConfig": [
                    {
                        "value": "#D41F1F",
                        "to": 20
                    },
                    {
                        "value": "#D94E17",
                        "from": 20,
                        "to": 80
                    },
                    {
                        "from": 80,
                        "value": "#118832"
                    }
                ],
                "trendColorEditorConfig": [
                    {
                        "to": 0,
                        "value": "#9E2520"
                    },
                    {
                        "from": 0,
                        "value": "#1C6B2D"
                    }
                ]
            }
        }
    },
    ...

"Config option": "> [data source] | [formatting function]"
– Example: "majorColor": "> majorValue | rangeValue(majorColorEditorConfig)"
– Example: "trendColor": "> trendValue | rangeValue(trendColorEditorConfig)"

"Config option": [setting]
– Example: "showSparklineAreaGraph": true

"Config option": "> [data source]"
– Example: "sparklineStrokeColor": "> majorColor"


Lab 4 – Add Dynamic Coloring


• Description: Clone a dashboard,
delete a visualization, customize
a visualization, add icons and
dynamic coloring.
• Duration: 30 minutes
• Tasks:
– Clone a dashboard
– Revise the data sources
– Revise the pie chart
– Add a single value visualization
– Add a column chart
– Add icons
– Add dynamic coloring


Summary


Wrap Up

You should now be able to:
• Create user inputs
• Define token syntax
• Create dynamic inputs
• Build cascading inputs
• Create a dynamic drilldown
• Set tokens
• Use dynamic coloring


Documentation

Topic 1: Using Tokens
• Use inputs and tokens to make dashboards dynamic

Topic 2: Adding Inputs
• Use Drilldown for Dashboard Interactivity
• Link to a dashboard
• Predefined Drilldown Tokens

Topic 3: Adding Drilldowns
• Object options and defaults reference
• Advanced dynamic options syntax
• The source code stanza of a visualization

Topic 4: Dynamic Visualizations
• How the dashboard definition is structured in the source editor


References
• Splunk Community Portal – community.splunk.com
– Answers
– Discussions
– Splunk Trust
– User Groups
– Ideas
• Splunk Blogs – splunk.com/blog/
• Splunk Apps – splunkbase.com
– Apps
– Curated Collections
• Splunk Docs on Twitter – twitter.com/splunkdocs
• Splunk Dev on Twitter – twitter.com/splunkdev
• Splunk on Slack – splk.it/slack
• .conf – conf.splunk.com


Support Programs
• Web
– Documentation: dev.splunk.com and docs.splunk.com
– Wiki: wiki.splunk.com
• Splunk Lantern: Guidance from Splunk experts
– lantern.splunk.com

• Global Support: Support for critical issues, a dedicated resource to manage your account – 24 x 7 x 365
– Web: splunk.com/index.php/submit_issue
• Enterprise, Cloud, ITSI, Security Support
– Web: splunk.com/en_us/about-splunk/contact-us.html#tabs/customersupport
– Phone: (855) SPLUNK-S or (855) 775-8657


Learning Paths
Search Expert - Recommended Courses
Free eLearning courses are in blue and courses with an * are present in both
learning paths.
• Introduction to Splunk *
• Using Fields *
• Scheduling Reports and Alerts
• Visualizations
• Statistical Processing
• Working with Time
• Comparing Values
• Result Modification
• Leveraging Lookups and Subsearches
• Correlation Analysis
• Search Under the Hood
• Multivalue Fields
• Search Optimization *


Learning Paths (cont.)


Knowledge Manager - Recommended Courses
Free eLearning courses are in blue and courses with an * are
present in both learning paths.
• Introduction to Splunk *
• Using Fields *
• Introduction to Knowledge Objects
• Creating Knowledge Objects
• Creating Field Extractions
• Search Optimization *
• Enriching Data with Lookups
• Data Models
• Introduction to Dashboards
• Dynamic Dashboards
• Creating Maps


Splunk Mobile
• Free app available to all Splunk
Cloud and Splunk Enterprise
customers
• Analyze data and receive
actionable alerts on-the-go with
mobile-friendly dashboards
• iOS and Android
• See the Product Brief


Splunk Certification
Offerings and Requirements


Splunk Core and Beyond


Regardless of which Splunk product you use, it all starts with Splunk Core
Splunk Cloud
Splunk Core
Recommended

Splunk Enterprise


App-Specific Offerings
For Splunk Add-Ons

• ES Administration
• ITSI Administration
• SOAR Automation Developer


Splunk Core Certified User


This entry-level certification demonstrates an individual's basic ability to use Splunk software

Prerequisite Certification(s):
• None

Prerequisite Course(s):
• None

Splunk Core Certified User Exam
Time to study! We suggest candidates looking to prepare for this exam complete Fundamentals 1 or the following courses:
• Intro to Splunk
• Using Fields
• Scheduling Reports and Alerts
• Visualizations
• Statistical Processing
• Working with Time
• Leveraging Lookups and Subsearches
• Search Optimization
• Enriching Data with Lookups
• Data Models
See here for registration assistance.

Congratulations! You are a...

Recommended Next Step
• Splunk Core Certified Power User


Splunk Core Certified Power User


This entry-level certification demonstrates an individual's foundational competence of Splunk’s
core software

Prerequisite Certification(s):
• None

Prerequisite Course(s):
• None

Splunk Core Certified Power User Exam
Time to study! We suggest candidates looking to prepare for this exam complete Fundamentals 2 or the following courses:
• Visualizations
• Statistical Processing
• Working with Time
• Comparing Values
• Result Modification
• Correlation Analysis
• Search Under the Hood
• Introduction to Knowledge Objects
• Creating Knowledge Objects
• Creating Field Extractions
• Data Models
• Creating Maps
See here for registration assistance.

Congratulations! You are a...

Recommended Next Steps
• Splunk Core Certified Advanced Power User
• Splunk Enterprise Certified Admin
• Splunk Cloud Certified Admin


Splunk Core Certified Advanced Power User


This certification demonstrates an individual's ability to generate complex searches, reports, and
dashboards with Splunk’s core software to get the most out of their data

Prerequisite Certification(s):
• Splunk Core Certified Power User

Prerequisite Course(s):
• None

Splunk Core Certified Advanced Power User Exam
Time to study! We suggest candidates looking to prepare for this exam complete Fundamentals 3, Creating Dashboards, and Advanced Searching & Reporting or the following courses:
• Using Fields
• Working with Time
• Comparing Values
• Result Modification
• Leveraging Lookups and Subsearches
• Correlation Analysis
• Search Under the Hood
• Multivalue Fields
• Search Optimization
• Creating Field Extractions
• Enriching Data with Lookups
• Data Models
• Creating Maps
• Introduction to Dashboards
• Dynamic Dashboards
See here for registration assistance.

Congratulations! You are a...

Recommended Next Steps
• Splunk Enterprise Certified Admin
• Splunk Cloud Certified Admin


Splunk Cloud Certified Admin


This certification demonstrates an individual's ability to support the day-to-day administration and health of a Splunk Cloud environment

Prerequisite Certification(s):
• Splunk Core Certified Power User

Prerequisite Course(s):
• None

Splunk Cloud Certified Admin Exam
Time to study! We suggest candidates looking to prepare for this exam complete either the Splunk Cloud Administration or the Transitioning to Splunk Cloud course.

Both courses will equally prepare candidates for the exam, but are tailored to meet the needs of the individual based on prior Splunk experience.

Splunk Cloud Administration is designed for net-new administrators working in a Splunk Cloud environment. Transitioning to Splunk Cloud is for experienced Enterprise administrators looking to maximize their success in migrating to a Cloud environment.

See here for registration assistance.

Congratulations! You are a...


Splunk Enterprise Certified Admin


This certification demonstrates an individual's ability to support the day-to-day administration and health of a Splunk Enterprise environment

Prerequisite Certification(s):
• Splunk Core Certified Power User

Prerequisite Course(s):
• None

Splunk Enterprise Certified Admin Exam
Time to study! We suggest candidates looking to prepare for this exam complete the following courses:
• Splunk System Administration
• Splunk Data Administration
See here for registration assistance.

Congratulations! You are a...

Recommended Next Steps
• Splunk Enterprise Certified Architect


Splunk Certified Architect


This certification demonstrates an individual's ability to deploy, manage, and troubleshoot complex Splunk Enterprise environments

Prerequisite Certification(s):
• Splunk Core Certified Power User
• Splunk Enterprise Certified Admin

Prerequisite Course(s):
• Architecting Splunk Enterprise Deployments
• Troubleshooting Splunk Enterprise
• Splunk Cluster Administration
• Splunk Deployment Practical Lab

Splunk Enterprise Certified Architect Exam
Time to study! We require candidates looking to register for this exam to complete the following prerequisite courses:
• Architecting Splunk Enterprise Deployments
• Troubleshooting Splunk Enterprise
• Splunk Cluster Administration
• Splunk Deployment Practical Lab
Candidates who are Splunk Enterprise Certified Admin and have completed all of the above courses will automatically receive an exam authorization for the Splunk Enterprise Certified Architect exam within 5-7 business days of receiving their passing lab results.
See here for registration assistance.

Congratulations! You are a...

Recommended Next Steps
• Splunk Core Certified Consultant


Splunk Core Certified Consultant


This certification demonstrates an individual's ability to properly size, install, and implement Splunk environments and to advise others on how to utilize the product and maximize its value for their needs

Prerequisite Certification(s):
• Splunk Core Certified Power User
• Splunk Enterprise Certified Admin
• Splunk Enterprise Certified Architect

Prerequisite Course(s):
• Advanced Power User courses or digital badge*
• Core Consultant Labs
• Indexer Cluster Implementation
• Distributed Search Migration
• Implementation Fundamentals
• Architect Implementation 1-3
• Services Core Implementation

Splunk Core Certified Consultant Exam
Time to study! We require candidates looking to register for this exam to complete the following prerequisite courses:
• Fundamentals 3, Creating Classic Dashboards, Advanced Searching & Reporting*
• Core Consultant Labs
• Services Core Implementation
Candidates who are Splunk Enterprise Certified Architects and have completed all of the above courses must contact [email protected] to request their Core Consultant exam authorization.
See here for registration assistance.

*These Advanced Power User courses can be replaced with a Splunk Certified Advanced Power User badge or completion of the following courses:
• Using Fields
• Comparing Values
• Creating Field Extractions
• Correlation Analysis
• Enriching Data with Lookups
• Result Modification
• Data Models
• Multivalue Fields
• Search Optimization
• Search Under the Hood
• Working with Time
• Creating Maps
• Leveraging Lookups and Subsearches
• Introduction to Dashboards
• Dynamic Dashboards

Congratulations! You are a...

Recommended Next Steps
• None

Splunk Enterprise Security Certified Admin


This certification demonstrates an individual's ability to install, configure, and manage a Splunk Enterprise Security deployment

Prerequisite Certification(s):
• None

Prerequisite Course(s):
• None

Splunk Enterprise Security Certified Admin Exam
Time to study! We suggest candidates looking to prepare for this exam complete the following course:
• Administering Splunk Enterprise Security

Please note: all candidates are expected to have working knowledge and experience as either Splunk Cloud or Splunk Enterprise Administrators.

See here for registration assistance.

Congratulations! You are a...

Recommended Next Steps
• Splunk Phantom Certified Admin


Splunk IT Service Intelligence Certified Admin


This certification demonstrates an individual's ability to deploy, manage, and use Splunk ITSI to monitor mission-critical services

Prerequisite Certification(s):
• None

Prerequisite Course(s):
• None

Splunk IT Service Intelligence Certified Admin Exam
Time to study! We suggest candidates looking to prepare for this exam complete the following course:
• Implementing Splunk IT Service Intelligence

Please note: all candidates are expected to have working knowledge and experience as either Splunk Cloud or Splunk Enterprise Administrators.

See here for registration assistance.

Congratulations! You are a...

Recommended Next Steps
• Courses on Observability


Splunk SOAR Certified Automation Developer


This certification demonstrates an individual's ability to install and configure a SOAR server, integrate it with Splunk, and plan, design, create, and debug playbooks

Prerequisite Certification(s):
• None

Prerequisite Course(s):
• None

Splunk SOAR Certified Automation Developer Exam
Time to study! We suggest candidates looking to prepare for this exam complete the following courses:
• Administering SOAR (Phantom)
• Developing SOAR (Phantom) Playbooks
• Advanced SOAR (Phantom) Implementation

Please note: all candidates are expected to have working knowledge and experience as either Splunk Cloud or Splunk Enterprise Administrators.

See here for registration assistance.

Congratulations! You are a...

Recommended Next Steps
• None


Thank You
