.Conf19 in Las Vegas was my first Splunk conference and also first tech conference at such scale – with over 10,000 people in attendance it certainly made an impact! This includes the unveiling of the all-present sunrise-like new Splunk color scheme and, most importantly, the introduction of new Splunk tools and upgrades to support the new ‘Data to Everything’ direction that the company is taking this year. 

Notably, six of the talks have been devoted to the New Dashboard Framework. One in particular caught my eye – Building your own Custom Data Visualization for Dashboards – led by principal Software Engineers Xianlin Hu and Peter Petersen. The subject matter had me dust off my knowledge of React and the idea of creating custom visualisations with the use of React in Splunk was an exciting one. 

The existing Splunk dashboard tech stack consists of either using SimpleXML (default) or a Glass Table (premium) – both of them with their own limitations. It’s a choice between superior level of customisation vs the ability to ‘tell a story’ with the data.

In contrast, the new Splunk Dashboard Framework uses modern front-end tech, i.e. React and Redux; gets updates via regularly updated npm packages, resolves dependencies at build time and with visualisations built into the app it means more stability for our dashboards. Effectively, the new Splunk Dashboard Framework draws from the strengths of SimpleXML and Glass table and allows us to use any visualisation we want, as long as they are wrapped in React component that implements the Splunk API – meaning we now have the ability to ‘tell a story’ with the flexibility of customisation of SimpleXML. Finally, the Splunk Dashboard Framework works on Splunk Enterprise and Splunk Cloud.

The below slide from Building your own Custom Data Visualisation for Dashboards .conf19 presentation shows the application of two concepts used in React/Splunk Dashboard creation: definition and preset.

As explained by Xianlin, with definition “you let the dashboard know what visualisation you want on the dashboard and how you want to style it, what data you want it to visualise and where on your dashboard you want to put it“, while preset is a “bridge between definition and your own visualisation code“.

Happy Splunking!

Posted by:Beata Ficek

Beata is a Splunk Enterprise Certified Admin working for a large-banking client as an iDelta Splunk consultant since April 2019; former CodeClan graduate of 2018.