Create Your Dashboard¶
You’ve got data coming in, let’s add information to a dashboard to better visualize the data we want to see.
Add a Dashboard¶
Now we’ll create a new dashboard for these messages by opening the Dashboards page in the top menu and clicking on Create dashboard.
Give your new dashboard a title and description.
In this given example the title is Important Stuff and the description Look at this, yo.
Add a Dashboard Widget¶
Click the “Show received messages” button next to the appliance-syslog-udp input on the System > Inputs page to only show messages received by this input.
We’ll start by adding a widget with the message count: Click on Add count to dashboard and select the new created dashboard.
Now it will let you create a widget. In this case, we are creating a widget from our search result of message count in the last 8 hours. I like to put a timeframe in the title, and trends are always a big bowl of sunshine.
When you hit create you will see a small green notification at the bottom of the page. Click Dashboards and then the name of your dashboard.
And you’ll end up with the widget you created!
Extra Credit - One more¶
Let’s add a widget for root activity, because that sounds like it may actually be useful. We need to start with a search query for root. Click Search. Type root in the search and select your timeframe. Once the search results come in, click Add count to the dashboard.
Give your chart a title and hit Create.
The new widget is now on the screen. Good job - you’ve got this!
Go play around. If you want to know how to create more exciting charts and graphs, check out the section below.
Extra Credit - Graphs¶
Let’s start by searching for all messages within the last 1 hour. To do this, click Search, select Search in the last 1 hour, and leave the search bar blank. Once the search results populate, expand the messages field in the Search results sidebar and select Quick Values. Click Add to dashboard to add this entire pie chart and data table to your dashboard.
I like to track password changes, privilege assignments, root activity, system events, user logins, etc. Go knock yourself out and show your co-workers.
Once you have a few widgets in your dashboard, go into unlock / edit mode to quickly edit any widget, rearrange them on your dashboard, or delete. Make sure to click Lock to save!
You can find out why dashboards matter at our Dashboard documentation.