TIPS & TRICKS

Breadcrumb Feature in Splunk

Karthika Krishnan By Karthika Krishnan June 04, 2017

As a Forward Deployed Software Engineer, I've had several interesting use cases presented to me. But one of the more recent challenging ones was the implementation of the Breadcrumb Feature with Splunk dashboards. In this post, I will be demonstrating one of the many implementations of this feature and the conditions under which it could be used.

To start off with a basic naming convention, we have :

    parent: The dashboard where we start off.

    child: The dashboard that populates when we drilldown on the panels of the parent.

    second_child: The dashboard that populates when we drilldown from a hyperlink on the child.

The use case has three different apps sharing several dashboards among themselves. The flow from one dashboard to the other was identified clearly during the requirements gathering phase in which it was established that we move from parent to child and subsequently to a second_child dashboard. The procedure followed here is entering the names of the dashboard files within the JavaScript, with their parent and super parent dashboard file names, into a JSON object within the JavaScript File. We then place the JavaScript and CSS files in the “/opt/splunk/etc/apps/<relevant_app_name>/appserver/static” directory.

Points to keep in mind:

    1. The names of the files need to be coded into the JavaScript.

    2. When navigating back to the parent/child pages from the breadcrumb, the initial search state of these dashboards will be lost. The dynamic implementation that retains the state of the current page along with tokens used on the dashboard, will require use of user sessions, cookies and stack model. This would require further research to fully develop, more than our typical 1-week turn time (thus leaving the door open for further PS engagements later on).

    3. A link to the respective app is also provided at the start of the breadcrumb, which would lead the user to the dashboards page of the app.

    4. The JavaScript would function to show the BreadCrumb only if we are in the "testApp2" App and not in the other apps that share these dashboards.  

The code on the parent dashboard would look like below: 

The code on the child dashboard would look like this.

The code on the second child dashboard would look like this.

Finally, our output would look like so in the child and second child dashboards respectively.

Happy Splunking !

Karthika Krishnan
Posted by

Karthika Krishnan

Karthika is a Partner Solution Engineer currently dedicated to designing and delivering custom integrations to support the Splunk Partner ecosystem. Originally hailing from Bangalore, India, she holds a Masters’ Degree in Computer Science from The University of Texas at Dallas. Karthika learned to speak 5 languages by the time she was 5 years old. She finds deep solace in meditation & yoga, strongly believing that meditation and hard work has brought her to where she is.