Combining metrics for executive dashboards
By Mohit Dewan, Avocado Consultant
For an Executive Dashboard, the focus should always be on creating as few dashboard elements as possible to minimise clutter, while at the same time conveying the maximum amount of information.
Traffic lights can be a great fit for this purpose because they have finite states, i.e. red, amber and green, and it is possible to aggregate multiple metrics into a single element.
Splunk, at the time of writing this article (v 6.4.2), does not provide a traffic light visualisation on dashboards out of the box. However, we can quite easily use the Single Value visualisation to create something like this:
Here we have separate metrics that each have their own thresholds and different units.
The first task is to combine these into a single search. We’ll use the join command to do this:
Now we need to combine these metrics into a new artificial metric and set thresholds. We can do this using the eval command:
Note that our new metric infraScore will always reflect the worst child of the metrics that make it up.
We could dashboard our new metric as a Single Value element, but this might not look very pretty or make much sense:
Instead, we will apply the rangemap command, which will later allow us to do some style sheet manipulations.
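The eval and rangemap steps described above, as an added example that is not the article's own search: it uses makeresults with constructed sample values in place of the joined searches, and the field names (cpu_pct, disk_free_gb, resp_ms, and the three per-metric score fields) and all thresholds are assumptions chosen for illustration. Each metric is scored 1 to 3 against its own thresholds, a metric that is missing is scored 3 rather than silently showing green, and infraScore takes the worst score.

```spl
| makeresults
| eval cpu_pct=72
| eval disk_free_gb=14
| eval resp_ms=950
| eval cpuScore=case(isnull(cpu_pct), 3, cpu_pct>=90, 3, cpu_pct>=75, 2, true(), 1)
| eval diskScore=case(isnull(disk_free_gb), 3, disk_free_gb<=10, 3, disk_free_gb<=20, 2, true(), 1)
| eval respScore=case(isnull(resp_ms), 3, resp_ms>=2000, 3, resp_ms>=800, 2, true(), 1)
| eval infraScore=max(cpuScore, diskScore, respScore)
| rangemap field=infraScore low=1-1 elevated=2-2 severe=3-3 default=severe
| table cpu_pct disk_free_gb resp_ms infraScore range
```

With these sample values the disk and response-time scores are both 2, so infraScore is 2 and rangemap writes range=elevated. Note that disk_free_gb is scored in the opposite direction to the other two metrics, because less free space is worse.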
Now if we tweak the style sheet we can do something like this:
The icon set:
But those 3D icons are so noughties… Some newer icons and some more style sheet tweaks:
This is better but may still not be simple enough to understand on an Executive dashboard. Some more tweaking of the style sheet:
Now we have a single element on the dashboard called Infrastructure, which will change colour between green, amber and red if any one of its underlying metrics crosses its threshold.
This element is simple and easy to understand at a glance. We can now delete the individual metric indicators from the dashboard leaving just our new element.
Although not in the scope of this article, it would be good practice to provide a drill-down on our new element so that when there is a problem, a user can click on the element to investigate its cause in more detail.
Happy Splunk Dashboarding!