Daniel Spavin
daniel@spavin.net
I am a Splunk Professional Services consultant working for JDS Australia (https://www.jds.net.au), in Melbourne Australia.
As seen in the Splunk blog post: https://www.splunk.com/en_us/blog/security/visual-link-analysis-with-splunk-part-2-the-visual-part.html
Profiled on YouTube by the Splunk & Machine Learning channel: https://www.youtube.com/watch?v=2pbEVARIC3w
8.0, 7.3, 7.2, 7.1, 7.0, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 6.0
This app is for dashboard designers who want to display how different entities are related to eachother on a dashboard panel.
This app provides a visualization that you can use in your own apps and dashboards.
To use it in your dashboards, simply install the app, and create a search that provides the values you want to display.
The following fields can be used in the search:
- from (required): The unique name of the source entity.
- to (optional): The unique name of the destination entity.
- value (optional): Text to display as a tool tip. This text is also available as a token when the entity (from) is clicked.
- type (optional): This is used to display the entity on the dashboard (from). Use the list of icons available, Splunk server icons, or shapes.
- color (optional): Used to set the color of the text and icon (except for Splunk icons).
- linktext (optional): Text to display on the link between the from and to entities.
Options can be overwritten, so if type or color is set multiple times in the search results, the last value will be used. This is useful if you wish to set the icon types and values via a lookup table at the end of your search.
You can now save the layout of a Network Diagram Viz to make sure a specific layout is always displayed on your dashboards.
To create a layout, go to the Create Layouts dashboard and follow these steps:
Note: You must have physics turned off: General > Enable Physics = false
You must also turn off hierarchy settings: Hierarchy > Hierarchy View = false
To prevent users from altering your layout, you can choose to disable draggable nodes: General > Draggable Nodes = false
| makeresults count=12
| streamstats count as id
| eval from=case(id=1,"Load Balancer",id=2,"Load Balancer",id=3,"Load Balancer", id=4,"Web 1",id=5,"Web 1", id=6, "Web 2",id=7,"Web 2", id=8,"Web 3",id=9,"Web 3",id=10,"App Server 1",id=11,"App Server 2",id=12, "Database Server")
| eval to=case(id=1,"Web 1",id=2,"Web 2",id=3,"Web 3", id=4,"App Server 1",id=5,"App Server 2", id=6, "App Server 1",id=7,"App Server 2", id=8,"App Server 1",id=9,"App Server 2",id=10,"Database Server",id=11,"Database Server",id=12, "")
| eval value=case(id=1,"Load Balancer",id=2,"Load Balancer",id=3,"Load Balancer", id=4,"Web 1",id=5,"Web 1", id=6, "Web 2",id=7,"Web 2", id=8,"Web 3",id=9,"Web 3",id=10,"App Server 1",id=11,"App Server 2",id=12, "Database Server")
| eval type=case(id=1,"sitemap",id=4,"server", id=6, "server",id=8,"server",id=10,"server",id=11,"server",id=12, "database")
| fields from, to, value, type
Tokens are generated each time you click a node. This can be useful if you want to populate another panel on the dashboard with a custom search, or link to a new dashboard with the tokens carying across.
If you have a bug report or feature request, please contact daniel@spavin.net
No personally identifiable information is logged or obtained in any way through this visualizaton.
Send email to daniel@spavin.net
Support is not guaranteed and will be provided on a best effort basis.
This visualization uses the network module from visjs.org
Icons made by Smashicons from www.flaticon.com is licensed by CC 3.0 BY
Icons made by https://fontawesome.com
v2.2.0
- Added ability to select the physics model used to create the layout
- Improved font pre-loading for icons
- Updated internal libraries for performance and security
v2.1.1
- Upgraded jQuery to version 3.6.0
v 2.1.0
- Nodes can now use custom images with node type customimage and customimagecircular. See examples on the new custom image dashboard.
- Added option: Wrap Node Text which is true by default. This will help prevent node labels from overlapping. The node text will be limited to the smaller of Level Separation and Node Spacing.
- Text can now have accented letters, e.g. ça marche, café, à la carte
- Node text color can be set separately from node and link color using a new field: nodeTextColor
v 2.1.0
- Nodes can now use custom images with node type customimage and customimagecircular. See examples on the new custom image dashboard.
- Added option: Wrap Node Text which is true by default. This will help prevent node labels from overlapping. The node text will be limited to the smaller of Level Separation and Node Spacing.
- Text can now have accented letters, e.g. ça marche, café, à la carte
- Node text color can be set separately from node and link color using a new field: nodeTextColor
v 2.0.0
- All 'to' nodes are now generated by default, simplifying the search
- The "box" type now has legible text. See it used on the Business Process example dashboard
- Added business process use case with the updated "box" type
- Drill-downs are disabled on all search results pages. This allows you to move the nodes around on the search/visualization tab without performing a drill-down
- There is now a faint box around the node text to help legibility (disabled on IE browsers)
- Created new option for Physics: Partial. This option (along with dynamic lines and line length) will let you see multiple links between the same nodes without them overlapping. See it on the new General Examples dashboard
- Updated libraries to the latest versions
- Bug fix: NodeText won't be overwritten with blank values
- Bug fix: Fixed error where some default icon options were ignored
- Other minor bug fixes
v 1.8.0
- Improved dark-mode compatibility for link text
- Fixed bug were a panel resize would make the diagram appear off-centre
- Added new field: nodeText so you can have a different label for a node to the from field. Defaults to the 'from' field value.
- Added option to make drill-downs activate on double-click only, so you can move nodes around without it trying to drill-down.
v 1.7.0
Drill-downs now work on a single click, rather than a double click
You can now set the link length from search by specifying a linkLength field
Default link length can be set in options
Under Hierarchy settings you can now specify the distance between layers, and if Physics is disabled, spacing between nodes
The options menu has been re-organised to better group related options
Created a dark-mode version of the Create Layouts dashboard
v 1.6.0
- Huge performance increase - show up to 10,000 nodes within a few seconds. New performance dashboard to test out massive network diagrams.
- Added new edge types to change the way nodes are linked: Dynamic, Cubic Bezier, Discrete, Continuous, Diagonal Cross, and Straight Cross.
- Added arrows to edges to help show the flow. Show arrows at the start, middle, or end of edges.
- Edges now have a tooltip when you hover over them if you set a linktext value.
- There is a new token for tooltips: $nd_tooltip_token$.
- Fixed bug when default icon was set to a logo icon.
- Minor bug fixes related to grouping.
v 1.5.0
- Drill-Down is now supported via the standard Splunk Drill-down menu. This change will enable drill-downs to other dashboards, searches and URLs while also supporting custom tokens.
- There is now a date picker on the Layout Design dashboard to allow you to time limit your searches.
- Both the node label and link text size can be increased - see the new options under General: Node Text Size and Link Text Size
- Fixed bug where Splunk License server icon didn't change color
v1.4.0
- Splunk icons can now be colored: red, yellow, green, blue. Just set your color field in your search to one of these colors.
- You can also use terms like 'error','bad','severe','high' for Red, 'amber','warning','medium','orange' for yellow, 'ok','good','low' for green, and 'debug','unknown' for blue.
v 1.3.0
- Hundreds more icons available - see the Available Icons dashboard for the complete set
- Fixed options menu 'undefined' text that appears on Splunk 7.3
v 1.2.0
User requested features:
- Control the width of links using the new linkwidth field in your search (optional)
- Set the color of links using the new linkcolor field in your search (optional)
- Use the link text as a token when you click on it - defaults to: $nd_value_token$
- Ability to disable zoom - new setting in the Options menu
Other updates:
- Set the default node type instead of defining a type in your search - new config in the options menu.
- New icons - a range of new icons for Windows, Linux, Git, Skype, Java, Google Drive and others. See the Available Icons dashboard for the complete set.
- When you click on a link between two nodes, you now get tokens for the From and To nodes, as well as the link text.
- Fixed typos in dashboards and configuration settings
v 1.1.0
Save your layout designs. You can now use an in-built dashboard to create specific layouts based on your searches. A new search will be generated for use in your dashboards that preserves the layout you have designed.
See new dashboard: Create Layouts.
v 1.0.0
Initial version
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.