
Splunk Practice Exercise 7: Creating a Dashboard - Track Status Errors over Total Requests

Introduction

This practice exercise focuses on creating a dashboard that tracks status errors (5xx and 4xx), total errors, and total requests.

Step 1: Access Splunk Web

  1. Open your web browser and navigate to Splunk Web:

    http://<your server ip>:8000

  2. Log in using your credentials.

Step 2: Navigate to Search & Reporting App

  1. In the Splunk Web interface, go to the Search & Reporting app.

Step 3: Construct the Search Query

  1. In the search bar, enter the following

Splunk Query:

index=tutorial status=*
| stats count as TotalRequests,
    sum(eval(if(status >= 500, 1, 0))) as Error5xxCount,
    sum(eval(if(status >= 400 AND status < 500, 1, 0))) as Error4xxCount,
    sum(eval(if(status >= 400, 1, 0))) as TotalErrorCount

This query calculates the total number of requests, the count of 5xx errors, the count of 4xx errors, and the total count of errors.

Step 4: Create a Dashboard Panel

  1. Click on the Dashboard tab.

  2. Click Create New Dashboard. Name it Requests monitor and select Classic Dashboards.

  3. Add a new panel to the dashboard:

    • Click on Add Panel.
    • Choose the visualization type Single Value.
    • Make sure the time range is set to All time in all panels.
    • Configure the panel to display the total number of requests. Name the panel as Total Requests
      • index=tutorial status=* | stats count as TotalRequests
    • Add another panel to display the total count of errors. Name the panel as Total Errors
      • index=tutorial status=* | stats sum(eval(if(status >= 400, 1, 0))) as TotalErrorCount
    • Add another panel to display the count of 5xx errors. Name the panel as 5xx Errors
      • index=tutorial status=* | stats sum(eval(if(status >= 500, 1, 0))) as Error5xxCount
    • Add another panel to display the count of 4xx errors. Name the panel as 4xx Errors
      • index=tutorial status=* | stats sum(eval(if(status >= 400 AND status < 500, 1, 0))) as Error4xxCount
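
The four panels above each scan the index separately; in a Classic Dashboard they can instead share one base search and post-process its single result row. The following dashboard source (Simple XML, pasted through Edit > Source) is an added example, not part of the original exercise, and the search id status_counts is an assumed name.

```xml
<dashboard version="1.1">
  <label>Requests monitor</label>
  <!-- Base search: the Step 3 query, run once over All time.
       The id "status_counts" is an assumed name for this example. -->
  <search id="status_counts">
    <!-- CDATA keeps the < and >= comparisons from breaking the XML -->
    <query><![CDATA[
      index=tutorial status=*
      | stats count as TotalRequests,
          sum(eval(if(status >= 500, 1, 0))) as Error5xxCount,
          sum(eval(if(status >= 400 AND status < 500, 1, 0))) as Error4xxCount,
          sum(eval(if(status >= 400, 1, 0))) as TotalErrorCount
    ]]></query>
    <earliest>0</earliest>
    <latest></latest>
  </search>
  <!-- Each panel post-processes the base result and keeps only its own field -->
  <row>
    <panel>
      <title>Total Requests</title>
      <single>
        <search base="status_counts"><query>| fields TotalRequests</query></search>
      </single>
    </panel>
    <panel>
      <title>Total Errors</title>
      <single>
        <search base="status_counts"><query>| fields TotalErrorCount</query></search>
      </single>
    </panel>
  </row>
  <row>
    <panel>
      <title>5xx Errors</title>
      <single>
        <search base="status_counts"><query>| fields Error5xxCount</query></search>
      </single>
    </panel>
    <panel>
      <title>4xx Errors</title>
      <single>
        <search base="status_counts"><query>| fields Error4xxCount</query></search>
      </single>
    </panel>
  </row>
</dashboard>
```

Because the base search is already a transforming (stats) search, the post-process searches only select a column, and all four single values are computed from the same snapshot of the data.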

Step 5: Arrange and Customize the Dashboard

  1. Arrange the panels on the dashboard as desired.

  2. Customize the dashboard properties, such as title, background and color, to your preference.

Step 6: Save and take a screenshot of your Dashboard

  1. Click Save on the upper right corner to save the dashboard.

  2. Take a screenshot of your dashboard (save it to your local machine) to showcase it. A sample customized dashboard is shown below.

[Image: sample customized dashboard]

Conclusion

Congratulations! You have successfully completed the practice exercise, creating a dashboard that tracks status errors (5xx and 4xx), total errors, and total requests. Continue to explore and experiment with different dashboard components and customization options to enhance your Splunk skills.