Jamf Pro has built-in dashboards, but many admins want the flexibility of Business Intelligence (BI) or reporting tools. JNUC 2019 introduced integrations with some of the most popular tools. We have been hard at work creating resources to help you get the most out of your data, and now we want to see your dashboard!
If you have a great dashboard to share, please post it here! If you have tips or tricks that helped you build it, share it with your fellow admins. Remember to sanitize any sensitive data before posting.
assuming you have the jamf splunk plugin installed. We have an Extension Attribute to pull versions of the apps we care about. Those EAs are listed in the advance search that splunk reads. Then its a pretty simple search:
index=name sourcetype=JamfModularInput | rare limit=20000 "computer.*EA_Name*"
@txhaflaire For the colors, Its a single Value Visualization. When you looking at the format for it, you can Set colors for the values.
For the Active 30 Days and Inactive 90+, I have smart groups that are part of my Advanced search that Splunk reads its data from. So the search is like this:
index=app sourcetype=JamfModularInput computer.Computer_Group.Computer_Group_Membership.Group!="Out of Contact 30+"|rare limit=20000 "computer.name" | stats sum(count)
index=app sourcetype=JamfModularInput computer.Computer_Group.Computer_Group_Membership.Group="Out of Contact 90+" | rare limit=20000 computer.name | stats sum(count)
This search time regex worked for me for pulling the version of an application:
| rex "<Available_Update>Google Chrome.app</Available_Update><Application_Version>(?<Ex_Chrome_Version>[^<]*)"
Basically says look for this string about Google Chrome, then grab everything after the "Application_Version" until you see a less than sign (which denotes the beginning of the end tag for "Application_Version"). Hop this helps you all in extracting versions.
@bejohnson That looks great! I haven't even looked at using Splunk in my environment, but, the dashboard you have looks like something that would put permanent ear-to-ear grins on my Management.
Does anyone have any links to detailed instructions on how to install, configure, and, setup Splunk/dashboards? I would greatly appreciate it. Thanks!
@ddcdennisb Ah check! can you show screenshots of the Jamf Pro side, as i can't select in an Advanced Search to export the Computer Group, i can but only under the tab "Export Only".
Or did you create an particular Advanced Search with computers member of that group and create an new modular input in Splunk?
We are currently looking into Splunk and seen how we might can use it.
We made a API check against /JSSResources/computers as in there learning videos.
I have seen @DBrowning did a lookup against group memberships. I wonder how/if this is working for the API lookup they do as well or is is more wise to create a new Source that uses a Search with the fields displaying we want?
There's a more verbose version of Jamf's Splunk Integration Guide available on Github. It goes into things like integrating data from multiple sources and more step by step on building searches than we wanted in the product documentation. And lots more screen-shots. 🙂
There are also some scripts there to pull things like mdm command history and application usage data that need some transformations that we haven't yet built into the standard plugin, and complete dashboards you can download as source code that you can just copy-paste into your Splunk. We'd love to see others share their dashboard code as well.
For those using PowerBI, this non-Jamf Blog is very helpful.
Just started getting a Power BI dashboard together and its going pretty well.
Just wondered if anyone can help with one dashboard we really want to view.
I have 2 smart groups, one to show devices in the office and one to show devices out of office (WFH).
I want this to tick along daily/monthly showing a nice line graph of the change in numbers each day. So along the bottom of the graph would be the date and then device count up the side.
I cant for the life of me find a date field so this is impossible without it?!?! Any ideas?
@AndrewShooter , you could set a "Active" column where it is True/False and then have where you have a slicer with the Active values and when someone interacts with it you can change the interaction from Filter to Highlight(I think that's the name) and it should highlight the items instead on that specific visual.
Tangentism, please see this doc and Lisa/Kevin's JNUC 2020 Splunk presentation for some examples. There are some example dashboards in the same repo as the pdf doc. If you scroll up in this thread there are some super slick d-boards from DBrowning and LisaCherie. But you might go at this from a different angle... think about what issues your device management program is being asked to address and how data and visualizations might be used to provide meaningful insights or active monitoring. Then go from there.
@maik.sanftenberg Here is the code that I'm using in one of my examples above.
<panel> <title>Clients on 10.15 (Catalina)</title> <single> <title>Total</title> <search> <done> <set token="tokCatalinaCount">$result.sum(count)$</set> </done> <query>index=cai_app sourcetype=JamfModularInput computer.Computer_Group.Computer_Group_Membership.Group="Macs on 10.15" | rare limit=20000 computer.name | stats sum(count)</query> <earliest>-60m@m</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> <refresh>60m</refresh> <refreshType>delay</refreshType> </search> <option name="colorMode">block</option> <option name="drilldown">none</option> <option name="height">178</option> <option name="rangeColors">["0x006d9c","0x006d9c","0x006d9c","0x006d9c","0x53a051"]</option> <option name="rangeValues">[0,750,1500,2250]</option> <option name="refresh.display">progressbar</option> <option name="underLabel">Clients on 10.15 Catalina</option> <option name="useColors">1</option> <option name="useThousandSeparators">0</option> </single> <single> <title>Percentage</title> <search> <query>| makeresults | eval Total=$tokTotalCount$, Catalina=$tokCatalinaCount$ | eval percent=round((Catalina/Total)*100,2) | table percent</query> <earliest>-60m@m</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> <refresh>60m</refresh> <refreshType>delay</refreshType> </search> <option name="colorMode">none</option> <option name="drilldown">none</option> <option name="height">171</option> <option name="numberPrecision">0.00</option> <option name="rangeColors">["0x006d9c","0x006d9c","0x006d9c","0x006d9c","0x53a051"]</option> <option name="rangeValues">[0,25,50,75]</option> <option name="refresh.display">progressbar</option> <option name="unit">%</option> <option name="useColors">1</option> <option name="useThousandSeparators">0</option> </single> </panel>