TIPS & TRICKS

Dashboard Digest Series - Episode 6: Traveling on Time with Trellis

Stephen Luedtke By Stephen Luedtke May 31, 2017

Welcome to Episode 6 of the Dashboard Digest series!

With the latest release of Splunk 6.6 I decided to test out a new dashboarding feature called Trellis. Trellis provides a way to create multiple visualizations from a single query right from the GUI. Previously to do this you probably had to edit the Simple XML, copy & paste the original chart over and over again and change the search parameters ever so slightly. Not only that but the more panels you created and copied the more resources you drained while running your dashboard.  Trellis solves both of these problems!

Today I’ll be using a rather fun dataset (in my opinion at least!) to visualize airline performance statistics over the past few years.  Why? Because I tend to fly a lot (and get delayed a lot) and was curious how performance between airlines stacked up. I found the data source thanks to older App on Splunkbase and created my own searches and analytics from there. The end result looked something like this (Trellis is used for both panels in the middle row):  

Trellis Splunk Custom Visualization

Before I get into the details I want to mention there will be a contest for designing your own Trellis in a dashboard!  I'm excited to see what the community comes up with and there will be prizes!  See the details here.

Now let’s see how I created a Trellis!

Purpose: Display the different options for mapping geographic data in Splunk.
Splunk Version: Splunk 6.6
Data Sources: FAA Airline Statistics - https://www.transtats.bts.gov/DL_SelectFields.asp?Table_ID=236&DB_Short_Name=On-Time
Apps: Federal Aviation Administration, Missile Map, Status Indicator Single Value, Timeline
Related Blog Posts: Discovered Intelligence Blog Post on Trellis, What's New in Splunk 6.6

The first set of questions I asked myself were:

  1. How many flights were there total by airline?
  2. How many cancellations were there by reason (Airline, FAA, Security, or Weather)?
  3. How many total hours of delays were there by reason (Misc. Airline issues, Late Plane, FAA, Security, or Weather)?

After that I wanted to see a more detailed breakdown of those cancellations and delays by airline. I plotted it all on a timechart, but wanted to see things in a different dimension. For example, what are the current values by each airline this month, compared to the last month and an overall trend? Single value indicators seemed like a good option for this, but to account for each airline I would need to make 12+ single value visualizations!  With Trellis I simply clicked Edit Visualization on the timechart, enabled Trellis and selected the Single Value indicator.

Before Trellis timechart:

 

 

Enabling Trellis:

 

I then tweaked the single value colors and trellis sizing (selected “small” icons) to get the following! All of these extra visualizations and panels now just use 1 query to power them!

The end result:

I bet many of you are probably eyeing the new mapping visualization at the bottom. If you haven’t already learned, I love Splunk + Maps.  As for the new visualization it’s called a Missile Map and is a great way to visualize to/from pairs. It even includes animation, line thickness and color options. Management won’t be able to resist! In this case I wanted to visualize the cancelled and delayed routes by airline. 

Can we Trellis a custom visualization you ask? The short answer is Yes! However I would add “results may vary.” To get a custom visualization to work for trellis, the developer can simply add the capability into the custom visualization and would be tested by them. Details can be found in the docs here. The super quick version is to add the following line to visualizations.conf found in the custom visualizations app’s directory.  

<code>supports_trellis=true</code>.

And voila!

Trellis Splunk Missile Maps

Trellis is a great way to generate multiple visualizations using the same single query and split-by techniques. I highly recommend checking it out!

After looking into the cancellations and delay statistics I started asking more questions (Thanks to the original App on splunkbase for the ideas!). What is the Airline's overall availability? Average delay?  How about the the airline's inventory of aircraft? The questions could go on forever… can you spot the use of the single value Status Indicator custom visualization?

dashboard airline stats summary

I also figured it would be interesting to start comparing TaxiOut --> FlightTime --> TaxiIn time visually across the same flight number day after day using another custom visualization called the Timeline. Now I just need to correlate the causes of variation ;)

Next up - joining my actual flight history with this dataset and mapping out my individual journey!

That’s it for today, hope you enjoyed Episode 6 and Happy Splunking!

Stephen

Stephen Luedtke
Posted by

Stephen Luedtke

Stephen started his career as a Network and Systems Engineer for one of the world's largest and most sophisticated communication networks—the FAA's Telecommunications Infrastructure. After 7 years and catching the data analytics bug, he found Splunk and joined as a professional services consultant. For almost 2 years he worked directly with clients to design and implement data analytics solutions using Splunk as a platform spanning almost every industry before moving to technical product marketing. After 4 years of building demos, enabling the field and presenting to audiences of all sizes, he just recently joined the blockchain team as a Data Engineer. Stephen is a Splunk Dashboard Ninja and Splunk's just about anything including his cars, thermostats, garden, energy usage and much more. He lives in Denver, CO with his wife and dog, loves beer, car racing and anything outdoors.