How to create Create a dashboard in Splunk for Ansible Tower
Updated: Oct 3, 2021
In our previous post, We have discussed on How To Install Splunk in Red Hat Enterprise Linux 7 and How to integrate Ansible Tower with Splunk logging. Now we are going to create a dashboard based on Ansible Tower HTTP Event Collector (HEC) logs.
Les't start.
View the Ansible Logs from the Splunk:
We can search the logs in "Search & Reporting" windows from the Splunk Web based GUI.
Click the Search & Reporting from the Home page.
Click the Data Summary from the Search page
Click SourceTypes > httpevent, as below.
Click on the field (e.g. event) that we would like to filter in the New Search windows, After that select Add to search in menu, as below.
Click on the All Fields button in the New Search windows, as below
Select (checkbox) the field being filtered in the Select Fields windows, as below.
Close the above window and click on Visualization button in the New Search windows, as below.
Select the Pivot option, as below.
Click "Selected Fields (6)" and click OK, as below.
In the New Pivot window, we have filtered as "All time", as below
In the New Pivot window, Click "+" under the "Split Columns" and select event , as below.
and then click "Add To Table" button in next window, as below.
Now, we will have a view of the information separated in columns with the name of the column being the event and their number of appearances in the logs, as below.
Now, click "Save As" and select "Dashboard Panel", as below.
To create a New Dashboard Title as "Ansible Tower Dashboard", also set the Panel Title, Model Title, as below.
Click on Edit in the upper right menu, as below.
Now, in the atd_events panel click on "Select Visualization".
choose the Select Visualization as we want.
And we have select “Ple Chart” and click “Save”.
Now we repeat the process, and we have created filters, Table, etc as per the above steps. after that we have selected the existing dashboard "Ansible Tower Dashboard" to add new panels to the dashboard, as below.
And we can furnished our existing dashboard, by creating some more panels and adding them to the existing dashboard.