Dashboards

A dashboard is a customizable visual that displays real-time or historical data from log sources, allowing you to monitor, analyze, and visualize key metrics in one centralized location. Dashboards are made up of widgets, which are individual display elements that can show aggregated data in various formats, such as charts, graphs, or single-value metrics or disaggregated data in the form of log message tables. For more information, see Widgets.

Dashboards created by you can be customized to fit your use case. For example, you might create dashboards for any of the following purposes: 

  • System Health and Performance: Monitor performance metrics (CPU load, memory, response times) to maintain system health and address issues quickly.

  • Log Aggregation and Analysis: Consolidate and analyze logs from various sources for troubleshooting and compliance.

  • Compliance Reporting: Display compliance-relevant log data for easier audit trails and adherence to standards.

  • User Behavior Tracking: Monitor access logs and activity patterns to spot unauthorized access or unusual behavior.

  • Custom Metrics for Management: Display critical metrics like uptime and service health, offering a high-level system overview for managers.

There are also a number of pre-built dashboards you can utilize in Graylog. For example, Graylog Illuminate content packs include dashboards tailored to specific log sources and security use cases. Additionally, Graylog Security provides pre-configured, interactive dashboards designed to help security teams monitor, detect, and respond to security incidents.

You can also share dashboards with key stakeholders. See the Share Dashboards section for more information.

This article guides you through the process of creating new dashboards and customizing them to your use case. Additionally, we cover how to build dashboards with automatically updating information, which can be shared with any authorized user or user group.

Dashboards vs Saved Searches

While dashboards and saved searches are both ways to preserve and show subsets of data, they serve fundamentally different purposes. Dashboards are visual indicators used to monitor and present data at a glance. A saved search allows you to save specific search queries, including any filters, time ranges, and parameters you have configured, so you can easily access and run these searches again at a later time.

However, you can define specific search criteria for log data displayed in a widget. See the widget search criteria section of the widgets documentation for more information.

Hint: Note that there is also search bar displayed at the top of each user-created dashboard by default. However, it only overrides widget-specific searches temporarily to display different results at the time of the search. It does not alter the search criteria against which the widget is configured.

Create a New Dashboard

Complete the following actions to create a new custom dashboard:

  1. Select the Dashboards tab in the top-level menu. This page lists all dashboards that you are permitted to view.
  2. Select Create new dashboard to create a new, empty dashboard.
  3. Select Save as.
  4. Enter descriptive information for the new dashboard in the dialog box. Note the title is the only required piece of information. Use a brief and unique title so other users can easily understand what to expect from the dashboard. The description can be longer and can contain more detailed information about the displayed data or how it is collected.

Now you can add widgets to your newly created dashboard! See Widgets for more information on creating and adding widgets to dashboards.

View Advanced Field Types

Advanced field types, such as nodes, streams, and inputs, are displayed in dashboards by readable titles rather than their IDs. The search is performed using the id parameter, but the default display is by title, allowing you to analyze your search results more clearly. For more about field type management, see Field Types.

Note that the numerical ID is still visible if you hover over a title in the search results. In addition, when writing or editing a query, both title and ID are shown for reference.

Hint:  If you change the title parameter, the change is applied to all dashboards.

Export a Search as a Dashboard

The previous sections describe how to create a dashboard from the Dashboards menu, but you can also move an existing search to a dashboard. Click on the three dots on the right side of the search bar and select the Export to dashboard option. The newly created dashboard is a draft. You will need to click on the Save as button, found in the top right corner of the draft page, to create the dashboard permanently.

Share Dashboards

Anyone with the Administrator role is allowed to view and edit dashboards. The Reader role is not allowed to view or edit any dashboards by default. As an Administrator, to share a dashboard with a specific user or team:

  1. Navigate to Dashboards.

  2. Find the dashboard you wish to add permissions to and click Share.

  3. Select users or teams from the drop-down menu. Click Add Collaborator.

  4. Review your selection and click Update sharing.

Review Permissions Management for a full list of permissions available to users and teams in Graylog.

Dashboard Use Case

Sally is a system administrator who wants to build a dashboard for her company. She wants to add aggregation widgets that display information about the company log sources and an internal application named Zirva. She aims to have a dashboard that she can show her organizations stakeholders so that they have better real-time information regarding the company system. After creating and saving the new dashboard, she decides to add several widgets to it. See the steps she takes below for each widget:

  • Sally wants to find and display the log sources that most frequently appear in the company system. She will:

    1. Enter * as the search query and set the time frame to 1 day using the time-range selector.
    2. Click the Create (+) button and select Aggregation.
    3. Click Edit to configure the widget.
    4. Select Data Table as the visualization type:
    5. Group by Row and select source as the Field.
    6. Add count as the function and source as the field under Metrics.
    7. Select count(source) under Source.
    8. Click Preview widget to view the outcome.
    9. Click Update widget to save the widget to the dashboard.

  • Sally wants to find the number of exceptions in the application Zirva, over the period of one day. She will:

    1. Enter source:Zirva AND Exception as the search query and set the time frame as last 24 hours.
    2. Click the Create (+) button and select Aggregation.
    3. Click Edit to configure the widget.
    4. Set Visualization to Single Number
    5. Set Metric to count().
    6. Click Update widget to save it to the dashboard.

  • Sally wants to create a response time chart for Zirva. She will:

    1. Enter source:Zirva as the search query and select a time frame.
    2. Click the Create (+) button and select Aggregation.
    3. Click Edit to configure the widget.
    4. Set Visualization to Single Number.
    5. Set Metric to avg(response_time).
    6. Click Update widget to save it to the dashboard.

Sally now has a comprehensive dashboard that displays data relevant to the new company application.