In our previous post, We have discussed on How To Install Splunk in Red Hat Enterprise Linux 7 and How to integrate Ansible Tower with Splunk logging. Now we are going to create a dashboard based on Ansible Tower HTTP Event Collector (HEC) logs.

Les't start.

View the Ansible Logs from the Splunk:

We can search the logs in "Search & Reporting" windows from the Splunk Web based GUI.

1. Click the Search & Reporting from the Home page.

2. Click the Data Summary from the Search page

3. Click SourceTypes > httpevent, as below.

Click on the field (e.g. event) that we would like to filter in the New Search windows, After that select Add to search in menu, as below.

Click on the All Fields button in the New Search windows, as below

Select (checkbox) the field being filtered in the Select Fields windows, as below.

Close the above window and click on Visualization button in the New Search windows, as below.

Select the Pivot option, as below.

Click "Selected Fields (6)" and click OK, as below.

In the New Pivot window, we have filtered as "All time", as below

In the New Pivot window, Click "+" under the "Split Columns" and select event , as below.

and then click "Add To Table" button in next window, as below.

Now, we will have a view of the information separated in columns with the name of the column being the event and their number of appearances in the logs, as below.

Now, click "Save As" and select "Dashboard Panel", as below.