Versions Compared

Old Version 1

changes.mady.by.user Aliaksei Shautsou

Saved on

compared with

New Version 2

changes.mady.by.user Olga Nekrutkina

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You can view the overall summary of DNS, DHCP, and IPAM activities in the Home Dashboard page. This page presents a summary view of the following:

  • DDI Summary: Presents statistical information about the DNS, DHCP, and IPAM activities of all Grid members.
  • DNS: Displays the statistical summary of DNS activities. You can export the search results, open in search, and refresh.
  • DHCP: Displays the statistical summary of DHCP activities. You can export the search results, open in search, and refresh.
  • IPAM: Displays the summary of the Top10IPAMv4UtilizedNetworks dashboard.
  • Reporting Health: You can view the license usage by the reporting server:
    • Today's License Usage: Current license usage by the indexer.

...

    • License Usage Trend per Member: License usage by the indexer per member.


Figure 40.9 Reporting Home Dashboard

Anchor
About Searches
About Searches
Anchor
bookmark3021
bookmark3021
About Searches

Searches are criteria that the reporting server uses to save reports and dashboard panels. Each predefined report has an associated search. For more information, refer to the official Splunk documentation: {_} http://docs.splunk.com/Documentation._
To run a search:

  1. From the Reporting tab, select the Search tab.
  2. Enter the search criteria and then click the Search icon.

The search results are displayed in the New Search panel, as illustrated in the New Search View. In the New Search panel, you can save search results as Reports, Dashboard Panel, and Alerts.
When you deploy reporting clustering, we enable Splunk configuration to prevent data loss from forwarders, which may cause duplicated events in the indexer under certain circumstances. When you view reports and dashboards, the events that are already deduped are not duplicated again. However, if you view raw search events (such as write your own search against the indexed data directly), you may still see the duplicated events
The search results are based on the most seen events for the dashboards listed in Table 40.7. To know more about dedup searches, reports, or dashboards, refer to http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Dedup.

...

Note: When you click Open in Search, the content of the entire page (alert/ dashboard/ report) is encoded and displayed in the Search page. To avoid encoding, go to Activity tab -> Jobs. The Jobs page lists the search job history in the form of links. The top one is the latest search job executed by the alert or dashboard or report. The search string is not encoded when you click this link to run the search.
Image Removed

...


1586NIOS Administrator Guide (Rev. A)NIOS 8.1
About Searches

Anchor
bookmark3022
bookmark3022
Table 40.7 Dashboards and Deduplicate Key(s)

Dashboard

Deduplicate Key(s)

Inactive IP Addresses

Network view + IP address

DHCPv4 Top Utilized Networks

Network view + network

DNS Statistics per DNS View

DNS view

DNS Statistics per Zone

DNS view + DNS zone

IPAMv4 Network Usage Statistics

Network view + Network

IPAMv4 Top Utilized Networks

Network view + Network


Figure 40.10 Sample Search Summary View
Image Removed
Click Documentation to open Splunk Documentation
Enter Search criteria
Click Tutorial to open Splunk Tutorial  
Image Added
 

Anchor
bookmark3023
bookmark3023
Figure 40.11 New Search View

Image Removed
You can save search results as Reports, Dashboard panel, or alert.
New Search panel
Search criteria
Image Removed
NIOS 8.1NIOS Administrator Guide (Rev. A) 1587
Infoblox Reporting and Analytics
Image Added

Anchor
Best Practices for Customizing Searches
Best Practices for Customizing Searches
Anchor
bookmark3024
bookmark3024
Best Practices for Customizing Searches

You can optimize the performance of your reporting server and more efficiently view and manage your reports. Depending on the type of search and the data you want to search for, Infoblox recommends that you use the following guidelines:

  • Specify shorter start and end times whenever possible.
    • Time range is one of the most important factor for search performance. Depending on the number of events that need to be loaded from the disk, it might take a long time when you specify a wider time range as it involves a large amount of data.
  • Be specific about the fields you use.
    • Rare searches are faster than dense searches, so be specific whenever possible.
    • Start a search from a smaller dataset and then gradually apply it to bigger dataset.
    • When experimenting searches, start with a small date and time range, and then apply it to a bigger time range only when it is optimized.
  • If a search is running for a long time, you can use the Pause and Stop buttons.
    • You can tune the search criteria and run it again if you stop an ongoing search jobs.
  • Configure the panels to display data only if you have specific input instead of adding too many panels to the dashboard.
  • Scheduling expensive searches.
    • You can configure reports and dashboards by scheduling searches because prefetched search results are displayed each time the reports and dashboards are opened. This reduces the workload on the reporting server without data freshness.
  • Stagger scheduled searches.

Try to stagger your searches whenever possible. When you define how often the reporting server runs a search, be aware of other searches that the server is running. When you schedule the server to run many searches at the same time, the server performance can be negatively affected.

Anchor
Creating Reports from a Search
Creating Reports from a Search
Anchor
bookmark3025
bookmark3025
Creating Reports from a Search

...

You can also complete the following settings in the Your report has been created dialog box:

  • Permissions: Click this to edit permissions for your report, as described in Editing Permissions.
  • Schedule: Click this to schedule a report. For information about scheduling reports, see Scheduling Reports onpage 1598.
  • Acceleration: For more information, refer to the Splunk documentation.

...

Anchor
Saving a Search as a Dashboard Panel
Saving a Search as a Dashboard Panel
Anchor
bookmark3026
bookmark3026
Saving a Search as a Dashboard Panel

...

  1. From the Reporting tab, select the Search tab.
  2. Enter the search criteria and then click the Search icon. The search results are displayed in the New Search panel.
  3. From the Save As drop-down list, click Dashboard Panel to create a dashboard panel.
  4. Click View Dashboard to view dashboard in the Dashboard panel. For information, see Home Dashboards onpage 1585.

Anchor
Exporting Search Results
Exporting Search Results
Anchor
bookmark3027
bookmark3027
Exporting Search Results

...

  1. From the Reporting tab, select the Search tab.
  2. Enter the search criteria and then click the Search icon. The search results are displayed in the New Search panel.

  3. Click the Export iconto export search results.
  4. In the Export Results dialog box, complete the following:
    • Format: Select CSV or XML from the Format drop-down list.
    • File Name: Specify a file name for the export file. This is optional.
    • Number of Results(sad):(Limited or Unlimited). If you select Limited, enter the number of results to be exported in the Max Results field.
  5. Click Export.

...

  1. .

...

...

Anchor
Saving Search as Alerts
Saving Search as Alerts
Anchor
bookmark3028
bookmark3028
Saving Search as Alerts

...

  1. From the Reporting tab, select the Search tab.
  2. Enter the search criteria and then click the Search icon.
  3. From the Save As drop-down list, click Alert.
  4. In the Save As Alert dialog box, specify all alert settings. For information about scheduling alerts, see Creating Scheduled Alerts0.
  5. Click Save.