Skip to content

Create a dashboard

Dashboards are available in Hydrolix Search version 1.5.0 and later.

Splunk's Dashboard Studio builds panels that run hdxsearch queries and display results in charts, tables, and event views.

Add a visualization⚓︎

See Splunk's Create a dashboard in Dashboard Studio guide to create a dashboard and connect visualization panels to data sources. When prompted for the query, enter an hdxsearch command.

The right visualization type depends on the shape of the query output:

Type Use when
Events Displaying raw event rows
Table Displaying aggregated or stats output
Line Displaying columnar or tabular output on a line chart
Bar Displaying columnar or tabular output on a bar chart
Single Value Displaying a single number, for example, a count

hdxsearch returns one row per event, with no totals or groupings. Charts can't render raw rows and appear blank or show an error.

Add a summarizing command after hdxsearch to collapse results into counts, averages, or other metrics:

Command Description
\| timechart span=5m count Groups events into time buckets and counts them, producing a line chart over time
\| stats count by username Counts events grouped by a field, producing a bar chart

The Time Range field in the data source editor controls the query window. See Splunk's Create a dashboard in Dashboard Studio for available options.

Event sampling in Splunk processes only a fraction of events for faster results. For hdxsearch data sources, sampling has no effect on what Hydrolix fetches. The full query runs against the cluster and returns all matching rows regardless of the sampling setting. Splunk's sampling applies to the pipeline after results return, reducing load on the Splunk search tier but not on Hydrolix.

Create inputs⚓︎

See Splunk's Make dashboards dynamic and interactive guide for how to add and configure inputs. To reference an input token in an hdxsearch query, use $<token_name>$ in the where parameter:

Token Filter Query
1
| hdxsearch cluster="my-cluster" table="my_project.my_table" fields="type,username,resource_type,resource_id,current_state" where="type='$log_type$'"

Update an existing panel⚓︎

To migrate an existing dashboard panel to use hdxsearch as the data source, open the panel's data source editor and replace the search query. The required changes depend on the original query type:

  • Queries starting with | index or | fields - Replace those leading commands with an equivalent | hdxsearch table="project.table" fields="..." command.
  • Queries using | tstats - These depend on pre-aggregated data. Replace | tstats with | hdxsearch pointing to a Hydrolix summary table that provides the equivalent aggregated data.