Implementing Splunk (Update)

The development process


When building dashboards, my approach is generally as follows:

  1. Create the required queries.

  2. Add the queries to a simple XML dashboard. Use the GUI tools to tweak the dashboard as much as possible. If possible, finish all graphical changes at this stage.

  3. If form elements are needed, convert the simple XML dashboard to a form. If possible, make all logic work with simple XML.

  4. Convert the simple XML dashboard to an advanced XML dashboard. There is no reverse conversion possible, so this should be done as late as possible and only if needed.

  5. Edit the advanced XML dashboard accordingly.

The idea is to take advantage of the Splunk GUI tools as much as possible, letting the simple XML conversion process add all of the advanced XML that you would otherwise have to find yourself. We covered steps 1–3 in the previous chapters. Step 4 is covered in the "Converting simple XML to advanced XML" section.