
Splunk Enterprise 6.1: Embedded Reports

Splunk 6.1 is here and I’m loving it.

For those who haven’t read through the release notes yet and jumped on the “Embedded reports” feature, I wanted to walk you through it and show you just how easy it is. Go to splunk.com and download Splunk 6.1. While you’re there, go over to the Apps community and get this bad boy: Splunk Enterprise 6.1 Overview.

Once you fire it up, your Splunk home screen should look like this.

 

[Screenshot: Splunk home screen with the Overview app installed]

 

In addition to giving you a tour of the new key features, the Splunk Enterprise 6.1 Overview app includes some data already assigned to index=sfpd.  I’ll use that data and make a simple search that will form the basis of the report that I am going to share via an embedded link.  My search is going to chart the total number of burglaries in relation to the total number of incidents.

index=sfpd | timechart count as "Total Incidents" count(eval(Category="BURGLARY")) as "BURGLARY"

Click on the visualization tab to look at the chart.  For simplicity, we will go with the default settings.

 

[Screenshot: chart of burglaries vs. total incidents]

 

Splunk takes its mission statement seriously.  “Make machine data accessible, usable and valuable to everyone”.  We just raised the bar with embedded reports.  Let’s do it.

In the right hand corner of the screen, click the “Save As” pulldown and save the chart as a “Report”.

 

[Screenshot: the “Save As” pulldown with “Report” selected]

 

I’ll name the Report “Burglary vs Total Incidents” and click “Save”.

 

[Screenshot: naming the report]

 

Once I’ve saved the report, I have the ability to edit additional settings:

– Permissions
– Schedule
– Acceleration
– Embed

Before I embed the report, I need to schedule it.   Select “Schedule”.

 

[Screenshot: scheduling the report]

 

To run the report for this blog post, I’m going to use the cron scheduler for finer granularity.  In this case, every 5 minutes.  Overkill I know, but I don’t want to wait to share my report.

 

[Screenshot: cron schedule set to every five minutes]

 

Here I can run a script, send an email to interested colleagues or just save it.  Select “Save”.

 

[Screenshot: saving the schedule]

 

From the “Edit” pulldown in the upper right hand corner, I can edit the settings of the report.  Select “Embed”.

 

[Screenshot: the “Edit” pulldown with “Embed” selected]

 

Embedding is not on by default, so I have to enable it. Select “Enable Embedding”.

 

[Screenshot: the “Enable Embedding” dialog]

 

I now have an iframe tag with the link populated with the necessary information to access my Splunk server.

 

[Screenshot: the generated iframe code]

 

Next, I need an HTML page to embed the link.  I will now create the simplest of simple HTML pages.

 

[Screenshot: the basic HTML page]

 

Copy the iframe tag from the embed dialog and add the iframe tag as shown below.

 

[Screenshot: the HTML page with the iframe tag added]

 

At this point we are done, but I am going to make one change to the width attribute.  I’ll change it from 480 to 780.

 

[Screenshot: the iframe width attribute changed to 780]
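The page built in the steps above, written out as an added example (it is not the code from the original post's screenshots). The src value and the height are placeholders and assumptions; paste the iframe tag that your own Embed dialog generated. Anyone who can load the page sees the report's latest scheduled results without logging in to Splunk, so where the page is hosted decides who sees the data.

```html
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Burglary vs Total Incidents</title>
  </head>
  <body>
    <h1>Burglary vs Total Incidents</h1>

    <!--
      Paste the iframe tag copied from the report's "Embed" dialog here.
      Assumptions in this example:
        - src is a placeholder, not a real URL; keep the exact value
          Splunk generated, because it carries the access token.
        - height is a constructed value; keep whatever the dialog gave you.
      width was changed from 480 to 780, as in the post.

      The embed link needs no Splunk login. Treat the URL like a
      credential: serve this page only to the intended audience, and
      disable embedding on the report to revoke the link.
    -->
    <iframe height="636" width="780" frameborder="0"
            src="https://SPLUNK_HOST:PORT/EMBED_LINK_FROM_DIALOG"></iframe>
  </body>
</html>
```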

 

That is it.  View the HTML file in your favorite browser.  Machine data for everyone made possible by the power of Splunk!

 

[Screenshots: the embedded report rendered in the browser]

 

Happy Splunking, and now it’s even easier to share your happiness!!!!!

 

Posted by Splunk