Visualizing metrics for data separated by physical boundaries

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Many different types of public sector organizations need to monitor metrics relating to a number of different physical spaces. Some of examples of this include:

Military or defense organizations might need to monitor network traffic and security across multiple military departments or installations.
Law enforcement organizations or fire departments might need to monitor the status of devices used to ensure public safety, such as smoke detectors in different areas of a building.
Transportation organizations, such as airports, might need to monitor the status of surveillance cameras in different parts of the airport.

How to use Splunk software for this use case

This type of monitoring can be achieved through Splunk Dashboard Studio.

For an example of this feature in action, review the mock-up below, inspired by how NASA's International Space Station (ISS) uses the Splunk platform to monitor its unique physical spaces.

The ISS contains a network of spaces such as living spaces, laboratories, airlocks, and storage. If you want to monitor metrics related to each unique physical module, a choropleth map provides an interactive solution to configure shading on relative metrics. A user can also click and drill into any section of interest, which automatically updates the adjacent chart with more specific details.

This same concept easily provides relative metrics for any data separated by physical boundaries, such as blueprints, network topologies, floorplans, and geographic locations.

You can use the below ISS mock-up as inspiration and to see how a single dashboard can easily communicate your most complex data stories. In the top-right of the dashboard, you can see the custom choropleth map which visualizes the status of the different physical spaces in the ISS.

unnamed (50).png

Follow this process to make your own choropleth map for use in Dashboard Studio.

Create an image using an application that can generate a Scalable Vector Graphic (SVG). The following example was created using Inkscape, which is a free vector graphics application. Each unique object within the choropleth map needs to be a separate vector object in the SVG file. Each shape in the below example is a representation of the individual structures that make up the ISS.
Each object needs an associated ID that will be used for reference in Dashboard Studio, which also needs to match the related Splunk event data. The object ID can be edited in Inkspace by selecting the vector, and then clicking the Object menu then Object Properties.
On the right side of the view, set the ID value in the ID: text box for the object you have selected. In the example below, the JPM module object has been selected and the ID field set to JPM. The related Splunk events include the field and value: module=JPM.
Layer other vectors in your image that are not part of the choropleth to add labels, additional information, or images.
After you have created all your vectors and labeled them with the appropriate ID names, save the graphic.
The Splunk platform identifies the areas to fill in the choropleth map using the IDs specified for the object properties. Inkscape automatically puts in a fill value for each of the objects in your SVG file. The Splunk platform requires a minor modification to the SVG fill format. To do this, open your SVG file with a text editor.

Move the fill value outside of the style field, and change its property to none. The left column in the table below shows what the text file looks like prior to modification, and the right column shows what the text file should look like.