Splunk Practice Exercise 8: Create Dashboard - Investigate Logs with user input

Introduction

This practice exercise focuses on creating a dashboard to investigate logs with the user input JSESSIONID.

Step 1: Access Splunk Web

1. Open your web browser and navigate to Splunk Web:

   http://<your server ip>:8000

2. Log in using your credentials.

Step 2: Navigate to Search & Reporting App

1. In the Splunk Web interface, go to the Search & Reporting app.

Step 3: Construct the Search Query

1. In the search bar, enter the following search query:

   index=tutorial JSESSIONID=*
   

This query should output all the events with JSESSIONID. JSESSIONID values can be seen under interesting fields. You may refer to the screenshot below.

Step 4: Create a Dashboard Input

1. Click on the Dashboard tab.

2. Click Create New Dashboard. Name it as JSESSIONID Dashboard

3. Add a new input to the dashboard:

   • Click on Add Input.
   • Choose the Text Input type.
   • You can use the label JSESSIONID or whatever you prefer
   • Configure the input to use the token jsessionid.

Step 5: Create a Dashboard Panel

1. Add a new panel to the dashboard:

   • Click on Add Panel.
   • Choose the visualization type Events.
   • Configure the panel to display logs related to the specified JSESSIONID using the $jsessionid$ token.
     • index=tutorial JSESSIONID=$jsessionid$
     • Make sure to use time frame as All time

Step 6: Arrange and Customize the Dashboard

1. Arrange the input and panels on the dashboard as desired.

2. Customize the dashboard properties, such as title and background, to your preference.

Step 7: Validate that your Dashboard works

1. Initially your dashboard should look something like this:

   

2. Input a sample JSESSIONID value from Step 3 and press enter.

3. The dashboard should update and will display the events in the specific JSESSIONID from your input:

   

Step 8: Save and take a screenshot of your Dashboard

1. Click Save on the upper right corner to save the dashboard.

2. Take a screenshot of your dashboard (save to your local) to showcase it.

Conclusion

Congratulations! You have successfully completed the practice exercise, creating a dashboard to investigate logs with the user input JSESSIONID. Continue to explore and experiment with different dashboard components and customization options to enhance your Splunk skills.