As seen in the Splunk blog post: https://www.splunk.com/en_us/blog/security/visual-link-analysis-with-splunk-part-2-the-visual-part.html
Profiled on YouTube by the Splunk & Machine Learning channel: https://www.youtube.com/watch?v=2pbEVARIC3w
8.0, 7.3, 7.2, 7.1, 7.0, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 6.0
This app is for dashboard designers who want to display how different entities are related to eachother on a dashboard panel.
This app provides a visualization that you can use in your own apps and dashboards.
To use it in your dashboards, simply install the app, and create a search that provides the values you want to display.
The following fields can be used in the search:
- from (required): The unique name of the source entity.
- to (optional): The unique name of the destination entity.
- value (optional): Text to display as a tool tip. This text is also available as a token when the entity (from) is clicked.
- type (optional): This is used to display the entity on the dashboard (from). Use the list of icons available, Splunk server icons, or shapes.
- color (optional): Used to set the color of the text and icon (except for Splunk icons).
- linktext (optional): Text to display on the link between the from and to entities.
Options can be overwritten, so if type or color is set multiple times in the search results, the last value will be used. This is useful if you wish to set the icon types and values via a lookup table at the end of your search.
You can now save the layout of a Network Diagram Viz to make sure a specific layout is always displayed on your dashboards.
To create a layout, go to the Create Layouts dashboard and follow these steps:
Note: You must have physics turned off: General > Enable Physics = false
You must also turn off hierarchy settings: Hierarchy > Hierarchy View = false
To prevent users from altering your layout, you can choose to disable draggable nodes: General > Draggable Nodes = false
| makeresults count=12 | streamstats count as id | eval from=case(id=1,"Load Balancer",id=2,"Load Balancer",id=3,"Load Balancer", id=4,"Web 1",id=5,"Web 1", id=6, "Web 2",id=7,"Web 2", id=8,"Web 3",id=9,"Web 3",id=10,"App Server 1",id=11,"App Server 2",id=12, "Database Server") | eval to=case(id=1,"Web 1",id=2,"Web 2",id=3,"Web 3", id=4,"App Server 1",id=5,"App Server 2", id=6, "App Server 1",id=7,"App Server 2", id=8,"App Server 1",id=9,"App Server 2",id=10,"Database Server",id=11,"Database Server",id=12, "") | eval value=case(id=1,"Load Balancer",id=2,"Load Balancer",id=3,"Load Balancer", id=4,"Web 1",id=5,"Web 1", id=6, "Web 2",id=7,"Web 2", id=8,"Web 3",id=9,"Web 3",id=10,"App Server 1",id=11,"App Server 2",id=12, "Database Server") | eval type=case(id=1,"sitemap",id=4,"server", id=6, "server",id=8,"server",id=10,"server",id=11,"server",id=12, "database") | fields from, to, value, type
Tokens are generated each time you click a node. This can be useful if you want to populate another panel on the dashboard with a custom search, or link to a new dashboard with the tokens carying across.
If you have a bug report or feature request, please contact firstname.lastname@example.org
No personally identifiable information is logged or obtained in any way through this visualizaton.
Send email to email@example.com
Support is not guaranteed and will be provided on a best effort basis.
This visualization uses the network module from visjs.org
Icons made by Smashicons from www.flaticon.com is licensed by CC 3.0 BY
Icons made by https://fontawesome.com
- All 'to' nodes are now generated by default, simplifying the search
- The "box" type now has legible text. See it used on the Business Process example dashboard
- Added business process use case with the updated "box" type
- Drill-downs are disabled on all search results pages. This allows you to move the nodes around on the search/visualization tab without performing a drill-down
- There is now a faint box around the node text to help legibility (disabled on IE browsers)
- Created new option for Physics: Partial. This option (along with dynamic lines and line length) will let you see multiple links between the same nodes without them overlapping. See it on the new General Examples dashboard
- Updated libraries to the latest versions
- Bug fix: NodeText won't be overwritten with blank values
- Bug fix: Fixed error where some default icon options were ignored
- Other minor bug fixes
- Improved dark-mode compatibility for link text
- Fixed bug were a panel resize would make the diagram appear off-centre
- Added new field: nodeText so you can have a different label for a node to the from field. Defaults to the 'from' field value.
- Added option to make drill-downs activate on double-click only, so you can move nodes around without it trying to drill-down.
* Drill-downs now work on a single click, rather than a double click
* You can now set the link length from search by specifying a linkLength field
* Default link length can be set in options
* Under Hierarchy settings you can now specify the distance between layers, and if Physics is disabled, spacing between nodes
* The options menu has been re-organised to better group related options
* Created a dark-mode version of the Create Layouts dashboard
- Huge performance increase - show up to 10,000 nodes within a few seconds. New performance dashboard to test out massive network diagrams.
- Added new edge types to change the way nodes are linked: Dynamic, Cubic Bezier, Discrete, Continuous, Diagonal Cross, and Straight Cross.
- Added arrows to edges to help show the flow. Show arrows at the start, middle, or end of edges.
- Edges now have a tooltip when you hover over them if you set a linktext value.
- There is a new token for tooltips: $nd_tooltip_token$.
- Fixed bug when default icon was set to a logo icon.
- Minor bug fixes related to grouping.
- Drill-Down is now supported via the standard Splunk Drill-down menu. This change will enable drill-downs to other dashboards, searches and URLs while also supporting custom tokens.
- There is now a date picker on the Layout Design dashboard to allow you to time limit your searches.
- Both the node label and link text size can be increased - see the new options under General: Node Text Size and Link Text Size
- Fixed bug where Splunk License server icon didn't change color
- Splunk icons can now be colored: red, yellow, green, blue. Just set your color field in your search to one of these colors.
- You can also use terms like 'error','bad','severe','high' for Red, 'amber','warning','medium','orange' for yellow, 'ok','good','low' for green, and 'debug','unknown' for blue.
- Hundreds more icons available - see the Available Icons dashboard for the complete set
- Fixed options menu 'undefined' text that appears on Splunk 7.3
User requested features:
- Control the width of links using the new linkwidth field in your search (optional)
- Set the color of links using the new linkcolor field in your search (optional)
- Use the link text as a token when you click on it - defaults to: $nd_value_token$
- Ability to disable zoom - new setting in the Options menu
- Set the default node type instead of defining a type in your search - new config in the options menu.
- New icons - a range of new icons for Windows, Linux, Git, Skype, Java, Google Drive and others. See the Available Icons dashboard for the complete set.
- When you click on a link between two nodes, you now get tokens for the From and To nodes, as well as the link text.
- Fixed typos in dashboards and configuration settings
Save your layout designs. You can now use an in-built dashboard to create specific layouts based on your searches. A new search will be generated for use in your dashboards that preserves the layout you have designed.
See new dashboard: Create Layouts.
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.