Skip to main content
Sumo Logic

Lab 5: Modify your dashboard

Now that we've created a dashboard, let's modify it to change the content of the panels.

Modify your dashboard

Now that you know how to create a dashboard and change the look and feel, let’s see how you can change the content of the data panels.

Let’s start with the Apache Overview dashboard, which is included in the Apache Access app.

  1. In the left navigation panel, click Apache - Overview in your Personal folder.

    clipboard_e83bfa9ea03f26141b9b542455f126d26.png
    Notice that the Visitor Locations panel includes all worldwide locations. Let’s change the panel to zero-in on the U.S. locations.
     
  2. In the Visitors Locations panel, click the details icon clipboard_efb9d4f05c6698a2f27b07de061988d7f.png , then click Edit to show the search that was used to generate this panel.
    clipboard_e3c6e8bd1e6981dbf6e33739475aa7cbd.png


    The page includes all the information for the search, including the query and the chart.

    clipboard_ec5bab4ff0fe99009bf7cf107c3120d11.png
  3. Now you can modify the query to zoom on the U.S. portion of the map. Add a soft return (hold shift + return) right after the lookup line, to specify the country:

    | where country_name="United States"

    The full query now looks like this.

    _sourceCategory = * webserver_system=apache webserver_farm=* _sourceHost=* HTTP
    | json "log" nodrop | if (_raw matches "{*", log, _raw) as mesg
    | parse regex field=mesg "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" nodrop
    | parse regex field=mesg "(?<method>[A-Z]+)\s(?<url>\S+)\sHTTP\/[\d\.]+[\\n]*\"\s(?<status_code>\d+)\s(?<size>[\d-]+)" nodrop
    | parse regex field=mesg "(?<method>[A-Z]+)\s(?<url>\S+)\sHTTP\/[\d\.]+[\\n]*\"\s(?<status_code>\d+)\s(?<size>[\d-]+)\s\"(?<referrer>.*?)\"\s\"(?<user_agent>.+?)\".*" nodrop
    | count by src_ip
    | where !isBlank(src_ip)
    | lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip
    | where country_name="United States"
    | where !isNull(latitude)

  4. To refresh the map, change the chart type in Visual Settings on the right to Heatmap and then back to Cluster
    clipboard_e9ce4e0b7523dc5c9ecd53c30bb9c5d25.png

  5. Click Start to run the query. The results chart now shows just the United States.
    clipboard_e2d41a22527c7461910c12a991159a8e3.png

  6. To show the modified panel in your dashboard, click Update Dashboard.
    clipboard_e6003ab18c53e6d0bce4022ff47706fd1.png
     

  7. You will now see the dashboard with the updated panel.
    clipboard_e35482264b56bc1832b6466568f3423c3.png

Now that you know how to move between the dashboard and the Search tab, you can adjust any of the search settings for a dashboard panel.

To learn much more about how dashboards work, see the topics under Dashboards.

Now, to complete the Sumo user tutorial, Part 6 will show you how to create alerts.