Dashboards allow you to define search queries and share them with co-workers, managers, or even sales and marketing departments.

Dashboards include a range of features that are not available in saved searches. The main difference is the ability to define widget-specific search criteria, like the query or time range. Dashboards also let you create multiple tabs for different use cases and display the results in full screen mode.

This article takes you through the process of creating dashboards and storing information on them. In the end, you will have a dashboard with automatically updating information that you can share with anybody or just a subset of people depending on the permissions granted.

Create a New Dashboard

  1. Navigate to the Dashboards page by selecting the tab at the top of your Graylog interface. This page lists all dashboards that you are permitted to view.
  2. Select Create new dashboard to create a new, empty dashboard.
  3. Select Save as.
  4. Enter descriptive information for the new dashboard in the dialog box. The title is the only required information. Use a brief and unique title so other users can easily understand what to expect from the dashboard. The description can be longer and can contain more detailed information about the displayed data or how it is collected.

Next, we will add widgets to the newly created dashboard.

Add and Configure Widgets

Your newly created dashboard will be blank. So, let’s add some widgets!

You can add search result information to a dashboard with a couple of clicks. Adding widgets to a dashboard works the same way as the main search page does. For a detailed description of different widget types and how to create them, see the widgets documentation.

Widget-Specific Search Criteria

The main difference between dashboards and saved searches is the ability to define widget-specific search criteria with dashboards. Widget-specific search criteria are elements you define within a widget, and the widget displays the results as a visualization, based on the widget type.

To edit a widget:

  1. Scroll over the widget in your dashboard and select the Edit button.

  2. Define your search criteria for the selected widget. Your search criteria can include the time range, search query, and stream selection.

  3. Click Update widget to save your search criteria.

The main search bar is available on the Dashboard page. However, it allows you only to override widget-specific searches to temporarily display different results. Widget-specific searches persist, and search options configured with the main search bar are not saved in the dashboard.

Dashboard Use Cases

Here are some possible use cases for adding widgets to a dashboard.

  • Find top log sources.

    1. Enter this search query: * and set the time frame to the last 24 hours.
    2. Click the Create (+) button and select Aggregation.
    3. Click Edit to configure the widget.
    4. Select visualization type: Data Table
    5. Group by Row and select sourceas the Field.
    6. Add metric: count(source)
    7. Select sorting: count(source)
    8. Click Update widget to save it to the dashboard.

  • Find the number of exceptions in a given app for today.

    1. Enter this search query: source:myapp AND Exception and set time frame as: last 24 hours.
    2. Click the Create (+) button and select Aggregation.
    3. Click Edit to configure the widget.
    4. Set Visualization to Single Number
    5. Set Metric to count().
    6. Click Update widget to save it to the dashboard.

  • Create a response time chart for an application.

    1. Enter this search query: source:myapp2 and select a time frame.
    2. Click the Create (+) button and select Aggregation.
    3. Click Edit to configure the widget.
    4. Set Visualization to Single Number.
    5. Set Metric to avg(response_time).
    6. Click Update widget to save it to the dashboard.

You can now see widgets on your dashboard.

View Advanced Field Types

Advanced field types, such as nodes, streams, and inputs, are displayed in dashboards by readable titles rather than their IDs. The search is performed using the id parameter, but the default display is by title, allowing you to analyze your search results more clearly. For more about field type management, see Field Types.

Note that the numerical ID is still visible if you hover over a title in the search results. In addition, when writing or editing a query, both title and ID are shown for reference.

Hint:  If you change the title parameter, the change is applied to all dashboards.

Export a Search as a Dashboard

The previous sections describe how to create a dashboard from scratch, but you can also move an existing search to a dashboard. Click on the three dots on the right side of the search bar and select the Export as dashboard option. The newly created dashboard is a draft. You will need to click on the Save as button to create the dashboard permanently.

Widget Cache Times

Widget values are cached in the Graylog server by default. This means that the cost of value computation does not grow with every new device or even a browser tab displaying a dashboard. Some widgets might need to show real-time information (set cache time to 1 second) and some widgets might be updated less often (like Top SSH users this month, cache time 10 minutes) to save expensive computation resources.

Share Dashboards

The Reader role is not allowed to view or edit any dashboards by default. Anyone with the Admin role is allowed to view and edit dashboards.

  1. Navigate to Dashboards

  2. Find the dashboard you wish to add permissions to and click Share.

  3. Select users or teams from the drop-down menu. Click Add Collaborator.

  4. Review your selection and click Update sharing.

To learn more please refer to Permissions Management.

Summary

Congratulations, you have just gone through the basic principles of Graylog dashboards. You may now create your own dashboards. We suggest that you:

  • Create dashboards for yourself and your team members.
  • Create dashboards to share with your manager.
  • Create dashboards to share with the CIO of your company.

Consider which information you need access to frequently. What information might your manager or CIO be interested in? Maybe they want to see how the number of exceptions went down or how your team utilized existing hardware better. The sales team could be interested in seeing sign up rates in real time and the marketing team would love you for providing insights into low level KPIs.