How to generate story from dashboard results?

splunk_thunk · ‎12-14-2022

Hello Splunk Experts,

Our organization has multiple applications. A work item, such as an order, passes through various applications and the actions performed on this work item are logged. Different apps have different log formats.

Here's what I am trying to do with my dashboard. When a user enters a work item # in the dashboard input, it will show the "journey" of that work item as it is processed by each app and passed on. I have panels on the dashboard to indicate the log entry of when it was received, processed and the passed on to the next app in the chain. Now, I am trying to get a bit more creative.

In addition to the panels on the dashboard, I am planning to have a label on the dashboard with a story-template such as

---

"An order with item placed by <username extracted from first or nth search result of app1> with <item # from input> arrived for processing at <time from first or nth search result of app1>. Then it was passed on to app2 at <time from first or nth search result of app 2>.

<if there is any error then> The item encountered error in app2. Error is <error extracted from search result of app2>, etc. Please contact blah blah

---

So the idea here is to generate a human-readable "story", i.e. a text generated based on search results of each panel, so that someone looking at the dashboard does not have to examine multiple panels to understand what is going on. They can simply read this "story".

I am able to get the resultCount using <progress> and <condition> tags in the dashboard, but do not know how to fetch and examine first or nth search result, or look for some specific text such as error or the time for nth result within the search results displayed in the panel for a particular app.

Any hints or specific examples appreciated.

Thanks much!

gcusello · ‎12-14-2022

Hi @splunk_thunk,

a good idea could be to use an image with the Data Flow as background and put some Single Value panels to give the dynamic information about the process steps.

this is possible if the process is standarizable in an image.

You can find an example of this solution in the Splunk Dashboard Examples App: https://splunkbase.splunk.com/app/1603

If you want a storyteller, you have to create a search that has as output all the values you need and then use eval to concatenate them, eventually with different descriptions based on the values you have in output, but anyway I prefer the other solution.

Ciao.

Giuseppe

bowesmana · ‎12-14-2022

When using event handlers to see data, you can only see $result.field$ where that will be the 'first' value of "field" in a table. I don't believe it's possible to access the nth row unless you start to use Javascript.

However, if you know what data it is that you want to identify from the results then you can use a base search to do the primary search and then a number of post processing searches that calculate elements of your results that you then want to capture as tokens in a <done> clause.

For example to capture 'n' for the nth query, you could post process this in a hidden table.

<table depends="$hidden$>
  <search base="base">
    <query>
| streamstats c
| where field="data_I_want"
    </query>
    <done>
      <set token="nth_row">$result.c$</set>
      <set token="username">$result.username$</set>
    </done>
  </search>
</table>

which will give you the 'nth_row' token with the value of 'n' which you can then use in an <html> panel.

Does that help in any way?

splunk_thunk · ‎12-15-2022

Thanks bowesmana. I will try it out.

How to generate story from dashboard results?

dashboard

panel

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?