You can view the overall summary of DNS, DHCP, and IPAM activities in the Home Dashboard page. This page presents a summary view of the following:
DDI Summary: Presents statistical information about the DNS, DHCP, and IPAM activities of all Grid members.
DNS: Displays the statistical summary of DNS activities. You can export the search results, open in search, and refresh.
DHCP: Displays the statistical summary of DHCP activities. You can export the search results, open in search, and refresh.
IPAM: Displays the summary of the Top 10 IPAMv4 Utilized Networks dashboard.
Reporting Health: You can view the license usage by the reporting server:
Today's License Usage: Current license usage by the indexer.
License Usage Trend per Member: License usage by the indexer per member.
Note
When you click Open in Search for a report, dashboard, or alert, the content of the entire page is encoded and displayed in the Search page. To avoid encoding, go to Activity tab -> Jobs. The Jobs page lists the search job history in the form of links. The top one is the latest search job executed by the alert or dashboard or report. The search string is not encoded when you click this link to run the search.
Reporting Home Dashboard
On the Home Dashboard, you can also work with searches as described in the following sections:
About Searches
Best Practices for Customizing Searches
Creating Reports from a Search
Saving a Search as a Dashboard Panel
Exporting Search Results
Saving Search as Alerts
About Searches
Searches are criteria that the reporting server uses to save reports and dashboard panels. Each predefined report has an associated search. For more information, refer to the official Splunk documentation: http://docs.splunk.com/Documentation.
To run a search:
From the Reporting tab, select the Search tab.
Enter the search criteria. Use the auto-open search tips from Splunk.
If necessary, select a time range in the time range picker at the end of the search bar. By default, it is set to Last 24 Hours.
Click the Search icon.
The search results are based on the most seen events for the dashboards listed in the table below. To know more about dedup searches, reports, or dashboards, refer to https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchReference/Dedup.
Dashboards and Deduplicate Key(s)
Dashboard | Deduplicate Key(s) |
|---|---|
Inactive IP Addresses, for more information see Devices (Discovery) Dashboards. | Network view + IP address |
For more information about these dashboards, see IPAMv4 Utilization Dashboards. | |
Network view + network | |
DNS view | |
DNS view + DNS zone | |
IPAMv4 Network Usage Statistics | Network view + Network |
Network view + Network | |
Sample Search Summary
The search results are displayed in the New Search panel, as illustrated in the New Search View. In the New Search panel, you can save search results as Report, Dashboard Panel, and Alert.
When you deploy reporting clustering, we enable Splunk configuration to prevent data loss from forwarders, which may cause duplicated events in the indexer under certain circumstances. When you view reports and dashboards, the events that are already deduped are not duplicated again. However, if you view raw search events (such as write your own search against the indexed data directly), you may still see the duplicated events.
New Search View
Best Practices for Customizing Searches
You can optimize the performance of your reporting server and more efficiently view and manage your reports. Depending on the type of search and the data you want to search for, Infoblox recommends that you use the following guidelines:
Specify shorter start and end times whenever possible.
Time range is one of the most important factors for search performance. Depending on the number of events that need to be loaded from the disk, it might take a long time when you specify a wider time range as it involves a large amount of data.
Be specific about the fields you use.
Rare searches are faster than dense searches, so be specific whenever possible.
Start a search from a smaller dataset and then gradually apply it to bigger dataset.
When experimenting searches, start with a small date and time range, and then apply it to a bigger time range only when it is optimized.
If a search is running for a long time, you can use the Pause and Stop buttons.
You can tune the search criteria and run it again if you stop an ongoing search job.
Configure the panels to display data only if you have specific input instead of adding too many panels to the dashboard.
Scheduling expensive searches.
You can configure reports and dashboards by scheduling searches because prefetched search results are displayed each time the reports and dashboards are opened. This reduces the workload on the reporting server without data freshness.
Stagger scheduled searches.
Try to stagger your searches whenever possible. When you define how often the reporting server runs a search, be aware of other searches that the server is running. When you schedule the server to run many searches at the same time, the server performance can be negatively affected.
Creating Reports from a Search
You can create reports by saving a search as a report. To save a search as a report:
From the Reporting tab, select the Search tab.
Enter the search criteria and then click the Search icon. The search results are displayed in the New Search panel.
From the Save As drop-down list, click Report to generate a report.
Enter title and description.
Click Save.
Do one of the following in the Your report has been created dialog box:
Click View to view your report on the Report page.
Click Continue Editing to edit.
Click Add to Dashboard to add new report to the dashboard panel.
You can also complete the following settings in the Your report has been created dialog box:
Permissions: Click this to edit permissions for your report, as described in Editing Permissions, see Administrative Permissions.
Schedule: Click this to schedule a report. For information about scheduling reports, see About Reports.
Acceleration: For more information, refer to the Splunk documentation.
Saving a Search as a Dashboard Panel
You can save a search as a dashboard panel.
Do the following to save a search as a dashboard panel:
On the Reporting tab, select the Search tab.
Enter the search criteria and then click the Search icon. The search results are displayed in the New Search panel.
From the Save As drop-down list, choose New Dashboard to create a dashboard panel, or, you can choose Existing Dashboard to save the search to an existing dashboard panel.
In the Save Panel to New Dashboard dialog box, complete the following:
In the Dashboard Title field, enter a title.
Click Edit ID to modify the Dashboard ID field. It should only contain letters, numbers, and underscores.
In the Description field, type a description.
Select Classic Dashboards, or select Dashboard Studio and choose Absolute or Grid layout to create a dashboard.
Classic Dashboards type of dashboard is the traditional splunk dashboard builder.
Dashboard Studio type of dashboards are new type of dashboards available with the latest splunk version.Click Save to Dashboard.
When prompted, click View Dashboard to view the dashboard in the Dashboard panel. For more information, see About Dashboards.
Note
There are no pre-defined dashboards available for the Dashboard Studio.
Exporting Search Results
You can export the data in the selected search in CSV (comma separated value) or XML format. Note that this may take a long time depending on the amount of data you want to export. To schedule the export of search results to an FTP, SCP, or TFTP server configured on the Set up page, select File Transfer Action when creating a scheduled alert, as described in Creating Scheduled Alerts, see About Alerts.
To export data in a selected search:
From the Reporting tab, select the Search tab.
Enter the search criteria and then click the Search icon. The search results are displayed in the New Search panel.
Click the Export icon
to export search results.In the Export Results dialog box, complete the following:
Format: Select CSV, XML or JSON from the Format drop-down list.
File Name: Specify a file name for the export file. This is optional.
Number of Results:(Limited or Unlimited). If you select Limited, enter the number of results to be exported in the Max Results field.
Click Export.
Saving Search as Alerts
To save a search as an alert:
From the Reporting tab, select the Search tab.
Enter the search criteria and then click the Search icon.
From the Save As drop-down list, click Alert.
In the Save As Alert dialog box, specify all alert settings. For information about creating scheduling alerts, see About Alerts.
Click Save.