Daniel Spavin
daniel@spavin.net
I am a Splunk Professional Services consultant working for JDS Australia (https://www.jds.net.au), in Melbourne Australia.
8.0, 7.3, 7.2, 7.1, 7.0, 6.6
This app is for dashboard designers who want to compactly display parent-child relationships in their data.
This app provides a visualization that you can use in your own apps and dashboards.
To use it in your dashboards, simply install the app, and create a search that provides the values you want to display.
Usecases for the Tree View Visualization: * Grouping categories together, e.g. sourcetypes by host * Providing a compact interface for generating tokens for drill-downs in a dashboard * Creating a menu in a set of dashboards * Visualizing the layout of files, running process, or perfmon stats on multiple hosts
The following fields can be used in the search: * id (required): An identifier for the lable. Use this value when assigning child items. Will default to the label if not supplied. * label (required): The value shown next to the item. * parentid (optional): Sets the parent item based on id. Will create a parent folder with the same label as the ID if one doesn't already exist. * iconFolder (optional): When using "custom" style, selects icon for folders. * iconDoc (optional): When using "custom" style, selects icon for child items.
index=_internal
| stats count by sourcetype, source
| rename source as id, sourcetype as parentId
| eval label = id
| table id, label, parentId
Tokens are generated each time you click an item. This can be useful if you want to populate another panel on the dashboard with a custom search, or link to a new dashboard with the tokens carying across.
The following standard Splunk drill-down tokens are also generated:
v 1.1.0 * New option to have all folders open when the visualization starts. Options - General - Initial State = Closed / Open, Based on user request * Added app manifest for Splunk Cloud * Fixed some issues with drill-downs * AppInspect now passes
v 1.0.0 * Initial version
If you have a bug report or feature request, please contact daniel@spavin.net
No personally identifiable information is logged or obtained in any way through this visualizaton.
Send email to daniel@spavin.net
Support is not guaranteed and will be provided on a best effort basis.
Icons made by FontAwesome
v 1.5.0
- Updated to latest libraries for Splunk Cloud compliance
v 1.4.0
- Increased search data limit to 250,000 rows. Warnings will appear if this limit is exceeded
- Fixed bug where some drilldowns didn't work
- Added detection of very deep nesting of items. Any nesting more than 1,000 items deep will trigger an warning message
- Minor changes to example dashboards
- Updated CSS to avoid conflicts
v 1.3.0
Fixed issue where the order of events could change the tree structure
Fixed bug were some item names resulted in errors
Added cycle detection - now if a cycle is detected, the node will be added to the root node instead of the parent.
Updated to JQuery 3.5.0, other minor changes to meet Splunk Cloud validation checks
V 1.2.0
- Added ability to set color for icons via new field "color"
v 1.1.0
New option to have all folders open when the visualization starts. Options - General - Initial State = Closed / Open, Based on user request
Added app manifest for Splunk Cloud
Fixed some issues with drill-downs
AppInspect now passes
Version 1.0.0
Initial Release
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.