Splunk Enterprise plugin

For more information about what this plugin does and the data streams it retrieves, see:

Monitor any events or metrics and retrieve reports from your Splunk Enterprise environment using custom SPL queries.

An on-prem data source connects a service running in your internal network to SquaredUp. They require an agent installed on a machine that has access to your internal network.

This data source is of great use in addition to other data sources. It enables you to get different kinds of data and insights about objects that have been indexed by other data sources.

To add a data source click on the + next to Data Sources on the left-hand menu in SquaredUp. Search for the data source and click on it to open the Configure data source page.

Before you start

Configuring and deploying an agent

If you have already created an agent in SquaredUp that you can use for this data source, you can skip this step and choose the agent group you want to use while Configuring the data source.

See one of the following, depending on your platform type:

Configuring the data source

Display Name:
Enter a name for your data source. This helps you to identify this data source in the list of your data sources.
Agent Group:
Select the Agent Group that contains the agent(s) you want to use.
Splunk Enterprise URL:
Enter the URL for your Splunk Enterprise server.
For accessing your Splunk instance you need to enter either a token or your Splunk user name and password.
If you use a token:
Create a token in your Splunk instance and paste it in here.
If you use your Splunk user name and password:
Enter the user name and password you use to log in to your Splunk instance.
Ignore Certificate errors:
If you activate this checkbox the data source will ignore certificate errors when accessing the Splunk Enterprise server.

Restrict access to this data source:
You can enable this option if you only want certain users or groups to have access to the data source, or the permission to link it to new workspaces. See Access control for more information.

The term data source here really means data source instance. For example, a user may configure two instances of the AWS data source, one for their development environment and one for production. In that case, each data source instance has its own access control settings.

By default, Restrict access to this data source is set to off. The data source can be viewed, edited and administered by anyone. If you would like to control who has access to this data source, switch Restrict access to this data source to on.

Use the Restrict access to this data source dropdown to control who has access to the workspace:

By default, the user setting the permissions for the data source will be given Full Control and the Everyone group will be given Link to workspace permissions.
Tailor access to the data source, as required, by selecting individual users or user groups from the dropdown and giving them Link to workspace or Full Control permissions.
If the user is not available from the dropdown, you are able to invite them to the data source by typing in their email address and then clicking Add. The new user will then receive an email inviting them to create an account on SquaredUp. Once the account has been created, they will gain access to the organization.
At least one user or group must be given Full Control.
Admin users can edit the configuration, modify the Access Control List (ACL) and delete the data source, regardless of the ACL chosen.

Access Level:

Link to workspace	User can link the data source to any workspace they have at least Editor permissions for. Data from the data source can then be viewed by anyone with any access to the workspace. User can share the data source data with anyone they want. User cannot configure the data source in any way, or delete it.
Full Control	User can change the data source configuration, ACL, and delete the data source.

See Access control for more information.

Click Add.
You can also add a data source from Settings > Data Sources > Add data source, but sample dashboards are not added when using this method.
The data source is now added. To be able to use it, you need to create a custom Data Stream for this data source.

Next steps

Data streams

The following data streams are installed with this plugin.

Data streams standardize data from all the different shapes and formats your tools use into a straightforward tabular format.

While creating a tile you can tweak data streams by grouping or aggregating specific columns.

Depending on the kind of data, SquaredUp will automatically suggest how to visualize the result, for example as a table or line graph.

Data streams can be either global or scoped:

Global data streams are unscoped and return information of a general nature (e.g. "Get the current number of unused hosts").
A scoped data stream gets information relevant to the specific set objects supplied in the tile scope (e.g. "Get the current session count for these hosts").

See Data Streams for more information.

This data stream retrieves reports (recent single searches) from Splunk.

In the tile editor, filter by the Splunk Enterprise data source, select the Reports data stream and then click Next.
Select a report from the Report dropdown.
If the report involves a timeframe (for example, Errors in the Last 24 Hours), select the Use Timeframe checkbox.
For faster searches, we recommend to leave theUse Timeframe checkbox selected if your query doesn't specify a timeframe. Otherwise it will scan the entire dataset.

This data stream calls an API endpoint to query your Splunk instance, and allows you to enter a custom query.

In the tile editor, filter by the Splunk Enterprise data source, select the SPL Query data stream and then click Next.
You can either select the scoped SPL Query data stream or the global SPL Query data stream.
If you selected the scoped SPL Query data stream, select the objects you want to use and then click Next.
You do not need to do this if you have selected the global SPL Query data stream.
Enter a Query.
A mustache parameter is a dynamic value, the actual value will be inserted to replace the field in curly braces. For example, {{timeframe.start}} will insert the start time based on the timeframe configured within the tile, or {{name}} will insert the name of the object(s) in scope.
This data stream supplies scoped objects individually for mustache parameters. When there are multiple objects in scope this data source will send the query multiple times, once for each object. The results are then displayed together, for example in a single table.
You can use properties of objects and write them in between curly braces e.g {{name}} to use them as mustache parameters. Whenever you use mustache parameters, you need to use a scope of objects that contain the property you're referencing.
For example, if objects of type "host" have a property called name, you can use {{name}}. This will resolve {{name}} to the value of the name property of the different "host" objects used in the scope.

Writing a custom data stream (advanced users)

In SquaredUp, browse to Settings > Advanced > Data Streams.
Click Add custom data stream.
Add your custom data stream by entering the following settings:
1. Name:
  Enter a display name for your data stream.
  The display name is the name that you use to identify your data stream in SquaredUp. It has no technical impact and doesn't need to be referenced in the data stream's code.
2. Data source:
  Choose the data source this data stream is for.
  After you've chosen the data source the Entry Point field displays.
3. Entry Point:
  Specify the data stream entry point and enter the Code below.
  Each data stream uses an entry point, which can either be global (unscoped) or scoped, and this determines whether the data stream uses the tile scope.
  Data streams can be either global or scoped:
  - Global data streams are unscoped and return information of a general nature (e.g. "Get the current number of unused hosts").
  - A scoped data stream gets information relevant to the specific set objects supplied in the tile scope (e.g. "Get the current session count for these hosts").
  To find out which entry point to select and get code examples for the Code field, see the help below.
Click Save to save your data stream.

Example 1: Get Windows Event Log Entries for Given Hosts

This Data Stream uses Host objects which need to come from a different data source (for example, from the VMware vCenter data source), and performs a query to get Windows application log event messages.

Which entry point do I have to select from the dropdown?

Splunk Enterprise Query (Scoped)

Code example:

{
  "name": "SplunkAppEventsForHost",
  "dataSourceConfig": {
    "query": "search source=\"WinEventLog:Application\" | where host = \"{{name}}\" | fields host,Message"
  },
  "matches": {
    "type": {
      "type": "equals",
        "value": "host"
      }
   },
  "rowPath": [],
  "metadata": [
    { "name": "_indextime", "displayName": "Timestamp", "shape": "date",    "role": "timestamp" },
    { "name": "host",       "displayName": "Host",      "shape": "string" },
    { "name": "Message",    "displayName": "Message",   "shape": "string",  "role": "value" }
  ]
}

name

Mandatory

The internal name of the data stream. Can be used the refer to this data stream in a tile's JSON instead of using the data stream's internal ID.

dataSourceConfig Parameters

query

Mandatory

You can use mustache parameters in the query.

A mustache parameter is a dynamic value, the actual value will be inserted to replace the field in curly braces. For example, {{timeframe.start}} will insert the start time based on the timeframe configured within the tile, or {{name}} will insert the name of the object(s) in scope.

This data stream supplies scoped objects individually for mustache parameters. When there are multiple objects in scope this data source will send the query multiple times, once for each object. The results are then displayed together, for example in a single table.

You can use properties of objects and write them in between curly braces e.g {{name}} to use them as mustache parameters. Whenever you use mustache parameters, you need to use a scope of objects that contain the property you're referencing.

For example, if objects of type "host" have a property called name, you can use {{name}}. This will resolve {{name}} to the value of the name property of the different "host" objects used in the scope.

ignoreTimeFrame

Optional

You can add the ignoreTimeFrame parameter and set it to true if you want the query to ignore the current dashboard timeframe of a dashboard.
If ignoreTimeFrame is left out or set to false, the query will use the current dashboard timeframe.

The dashboard timeframe is the current timeframe setting for a dashboard. Users can change the dashboard timeframe to see data for a different time span, for example, instead of showing data from "the last 12 hours" it can be changed to show data from "the last 7 days".

Tiles can be configured to:

Use dashboard timeframe (default). For these tiles the data shown will change when the user changes the dashboard timeframe.
Use a fixed timeframe from the options available. These tiles show a clock icon and hovering shows the fixed timeframe configured. The data will not change when the dashboard timeframe is changed.

If the dashboard timeframe is unavailable, such as when all the tiles on that dashboard are using a fixed timeframe, then the button is disabled. Likewise, if a specific timeframe is unsupported then it is disabled in the timeframe picker.

Set a default dashboard timeframe

To set the default dashboard timeframe, click the pin icon

when using the dashboard timeframe picker. This sets the initial timeframe for all viewers of the dashboard, including shared dashboards.

Tip: Indicate with the name of a tile if the tile's timeframe can be changed. For example, naming a tile "Performance during the last week" tells users that this tile always shows data for the last week. Naming a tile just "Performance" indicates to users that changing the dashboard timeframe will change the data.

matches Parameters

Note: Defining the matches parameter is mandatory.

With the matches parameter you define for which objects the data stream will be shown in SquaredUp. It works like this:
When you configure a tile, you have to choose its scope. If this scope contains objects you specified here in the matches parameter, the data stream will be shown in SquaredUp under Data Streams. If the scope doesn't contain objects specified here, the data stream will be hidden.
This keeps things clean and simple since you'll only see the data stream when it's relevant for the scope you chose. As a best practice you should limit the data stream to objects that make sense for the specific use case of this data stream.

Format for matches:

//If you want to specify only one value of an object property//
"matches": {
	"ObjectProperty": {
		"type": "equals",
		"value": "ValueOfTheObjectProperty"
	}
},
 
//If you want to specify multiple values for an object property//
"matches": {
	"ObjectProperty": {
 		"type": "oneOf",
		"values": ["ValueOfTheObjectProperty1", "ValueOfTheObjectProperty2", "ValueOfTheObjectProperty3"]
	}
},

Example for limiting a data stream to objects:

If you are using multiple values for the object property, you can decide if you want the data stream to be visible for objects that match all of the criteria or at least one of the criteria.

Lets say you have two values you want objects to have in order for the data stream to be visible for them:

a SourceName property with the value AppDynamics (meaning objects that come from the AppDynamics data source)
a type property with the value app (meaning application objects)

If you want the data stream to be visible only for objects that match both of the criteria, your code would look like this:

"matches": {
    "sourceName": {
      "type": "equals",
      "value": "AppDynamics"
    },
    "type": {
      "type": "equals",
      "value": "app"
    }
  },

If you want the data stream to be visible for objects that match at least one of the criteria, your code would look like this:

"matches": [
    {
        "sourceName": {
            "type": "equals",
            "value": "AppDynamics"
        }
    },
    {
        "type": {
            "type": "equals",
            "value": "app"
        }
    }
]

Note: If you run into errors when configuring the matches parameter, check if you're dealing with a global entry point.

Data streams can be either global or scoped:

Global data streams are unscoped and return information of a general nature (e.g. "Get the current number of unused hosts").
A scoped data stream gets information relevant to the specific set objects supplied in the tile scope (e.g. "Get the current session count for these hosts").

Global entry points can't use specific objects in the matches parameter. You can identify global entry points by their name, they have "Global", "No Scope" or "Unscoped" added to their name.

There are two possible options for the matches parameter for global entry points:

`"matches": "none",`	When creating a tile, the Data Stream will be shown as long as no scope is selected. As soon as a scope is selected, the Data Stream will be hidden.
`"matches": "all",`	When creating a tile, the Data Stream will be shown as soon as any scope is selected.

metadata Parameter

Optional, but recommended

The metadata parameters are used to describe columns in order to tell SquaredUp what to do with them. You can do multiple things with the metadata parameters:

Specify how SquaredUp should interpret the columns you return and - to an extent - how their content displayed. You do this by giving each column a shape.
The shape you assign to a column tells SquaredUp what the column contains (for example, a number, a date, a currency, a URL, etc.). Based on the shape SquaredUp decides how to display this column, for example to display a URL as a clickable link.
Filter out or just hide columns.
Only the columns you define in metadata will be returned in the results. This helps you to filter out columns you don't need. If you need the content of a column but don't want to display it, you can use the visible parameter.
Give columns a nicely readable display name.
Assign a specific role to columns .
The role you assign to a column tells SquaredUp the purpose of the column. For example, if you have two different columns that contain numbers, you need to assign the role value to the column that contains the actual value you want to use in your visualization.

If you don't specify any metadata, all columns will be returned and SquaredUp will do its best to determine which columns should be used for which purpose. If you're returning pretty simple data, for example just a string and a number, this can work fine. But if you're returning two columns with numbers it gets trickier for SquaredUp to figure out which one is the value and which one is just an ID or some other number.

Parameters:

Before you start specifying metadata, leave them empty at first and get all the raw data with your new data stream once.

In order to do this, finish creating your custom data stream without metadata and create a tile with this data stream. The Table visualization will show you all raw data.

This will give you an overview about all columns and their content and help you decide which columns you need and what their shapes and roles should be. It's also essential for getting the correct column name to reference in the name parameter.

Use this information to go back to the data stream configuration and specifying the metadata.

`name`	Mandatory	Enter the name of the column you are referencing here. To find the name of a column, get the data from this data stream once without any metadata. See the tip above for how to do that. You'll see the column name when you hover over the column in the Table.
`displayName`	Optional	Here you can give the column a user-friendly name
`shape`	Recommended	The shape you assign to a column tells SquaredUp what the column contains (for example, a number, a date, a currency, a URL, etc.). Based on the shape SquaredUp decides how to display this column, for example to display a URL as a clickable link. Note: Please refer to the list of shapes below this table to see available shapes.
`role`	Recommended	The role you assign to a column tells SquaredUp the purpose of the column. For example, if you have two different columns that contain numbers, you need to assign the role `value` to the column that contains the actual value you want to use in your visualization. Note: Please refer to the list of roles below this table to see available roles.
`visible`	Optional	`true` or `false` Use this if you need a columns content but don't need to display the column itself. Example: Column A contains the full link to a ticket in your ticket system. Column B contains the ticket ID. You want to use the ticket ID as a label for the link, turning the long URL into a much nicer to read "Ticket 123". This is why you need the content of column B, to assign it as a label for column A. But since the URL is now displayed as the ticket ID, it would be redundant to still display column B. This is why you hide column B with `false`.

There are many different shapes you can use for your columns and the list of possible shapes gets expanded constantly:

Basic types, like: boolean, date, number, string
Currency types that get displayed with two decimal values and their currency symbol (for example $23,45), like: currency (generic currency), eur, gbp, usd
Data types, like: bytes, kilobytes, megabytes
Time types, like: seconds, milliseconds, timespan
The status type : state
Utility types, like:
customUnit
url (will be displayed as a link)

Tip:

Some shapes can be configured.

If a shape is configurable, you can edit how the shape displays data in SquaredUp.

See Configurable shapes

`id`	Used by data streams feeding the aggregate health stream to identify their Id column
`label`	A column containing user-friendly names. Line Graphs use this role to group data into series. so each label will get its own line in the Line Graph.
`link`	A column containing a link that can be used as a drilldown in Status Blocks.
`timestamp`	A column containing a date to use on the X -axis of a Line Graph.
`unitLabel`	A column containing user-friendly labels for data series, e.g. ‘Duration’. Line Graphs can use this role to label the Y-axis.
`value`	A column containing the numeric value you want to use in your visualization.

Example 2: Get Results for Saved Report

Note: This Data Stream uses the Splunk Enterprise organization object and doesn't rely on objects coming from other data sources.

Which entry point do I have to select from the dropdown?

Splunk Enterprise Query (Scoped)

Code example:

{
  "name": "SplunkRunMySavedReport",
  "dataSourceConfig": {
    "query": "| savedsearch mySavedReport | fields host,Message"
  },
  "matches": { 
    "sourceType": { "type": "equals", "value": "Splunk Enterprise Organization" } 
  },
  "rowPath": [],
  "metadata": [
    { "name": "_indextime", "displayName": "Timestamp", "shape": "date",    "role": "timestamp" },
    { "name": "host",       "displayName": "Host",      "shape": "string" },
    { "name": "Message",    "displayName": "Message",   "shape": "string",  "role": "value" }
  ]
}

name

Mandatory

The internal name of the data stream. Can be used the refer to this data stream in a tile's JSON instead of using the data stream's internal ID.

dataSourceConfig Parameters

query

Mandatory

You can use mustache parameters in the query.

ignoreTimeFrame

Optional

Tiles can be configured to:

Use dashboard timeframe (default). For these tiles the data shown will change when the user changes the dashboard timeframe.
Use a fixed timeframe from the options available. These tiles show a clock icon and hovering shows the fixed timeframe configured. The data will not change when the dashboard timeframe is changed.

Set a default dashboard timeframe

To set the default dashboard timeframe, click the pin icon

when using the dashboard timeframe picker. This sets the initial timeframe for all viewers of the dashboard, including shared dashboards.

matches Parameters

Note: Defining the matches parameter is mandatory.

Format for matches:

//If you want to specify only one value of an object property//
"matches": {
	"ObjectProperty": {
		"type": "equals",
		"value": "ValueOfTheObjectProperty"
	}
},
 
//If you want to specify multiple values for an object property//
"matches": {
	"ObjectProperty": {
 		"type": "oneOf",
		"values": ["ValueOfTheObjectProperty1", "ValueOfTheObjectProperty2", "ValueOfTheObjectProperty3"]
	}
},

Example for limiting a data stream to objects:

If you are using multiple values for the object property, you can decide if you want the data stream to be visible for objects that match all of the criteria or at least one of the criteria.

Lets say you have two values you want objects to have in order for the data stream to be visible for them:

a SourceName property with the value AppDynamics (meaning objects that come from the AppDynamics data source)
a type property with the value app (meaning application objects)

If you want the data stream to be visible only for objects that match both of the criteria, your code would look like this:

"matches": {
    "sourceName": {
      "type": "equals",
      "value": "AppDynamics"
    },
    "type": {
      "type": "equals",
      "value": "app"
    }
  },

If you want the data stream to be visible for objects that match at least one of the criteria, your code would look like this:

"matches": [
    {
        "sourceName": {
            "type": "equals",
            "value": "AppDynamics"
        }
    },
    {
        "type": {
            "type": "equals",
            "value": "app"
        }
    }
]

Note: If you run into errors when configuring the matches parameter, check if you're dealing with a global entry point.

Data streams can be either global or scoped:

Global data streams are unscoped and return information of a general nature (e.g. "Get the current number of unused hosts").
A scoped data stream gets information relevant to the specific set objects supplied in the tile scope (e.g. "Get the current session count for these hosts").

Global entry points can't use specific objects in the matches parameter. You can identify global entry points by their name, they have "Global", "No Scope" or "Unscoped" added to their name.

There are two possible options for the matches parameter for global entry points:

`"matches": "none",`	When creating a tile, the Data Stream will be shown as long as no scope is selected. As soon as a scope is selected, the Data Stream will be hidden.
`"matches": "all",`	When creating a tile, the Data Stream will be shown as soon as any scope is selected.

metadata Parameter

Optional, but recommended

The metadata parameters are used to describe columns in order to tell SquaredUp what to do with them. You can do multiple things with the metadata parameters:

Specify how SquaredUp should interpret the columns you return and - to an extent - how their content displayed. You do this by giving each column a shape.
The shape you assign to a column tells SquaredUp what the column contains (for example, a number, a date, a currency, a URL, etc.). Based on the shape SquaredUp decides how to display this column, for example to display a URL as a clickable link.
Filter out or just hide columns.
Only the columns you define in metadata will be returned in the results. This helps you to filter out columns you don't need. If you need the content of a column but don't want to display it, you can use the visible parameter.
Give columns a nicely readable display name.
Assign a specific role to columns .
The role you assign to a column tells SquaredUp the purpose of the column. For example, if you have two different columns that contain numbers, you need to assign the role value to the column that contains the actual value you want to use in your visualization.

Parameters:

Before you start specifying metadata, leave them empty at first and get all the raw data with your new data stream once.

In order to do this, finish creating your custom data stream without metadata and create a tile with this data stream. The Table visualization will show you all raw data.

Use this information to go back to the data stream configuration and specifying the metadata.

`name`	Mandatory	Enter the name of the column you are referencing here. To find the name of a column, get the data from this data stream once without any metadata. See the tip above for how to do that. You'll see the column name when you hover over the column in the Table.
`displayName`	Optional	Here you can give the column a user-friendly name
`shape`	Recommended	The shape you assign to a column tells SquaredUp what the column contains (for example, a number, a date, a currency, a URL, etc.). Based on the shape SquaredUp decides how to display this column, for example to display a URL as a clickable link. Note: Please refer to the list of shapes below this table to see available shapes.
`role`	Recommended	The role you assign to a column tells SquaredUp the purpose of the column. For example, if you have two different columns that contain numbers, you need to assign the role `value` to the column that contains the actual value you want to use in your visualization. Note: Please refer to the list of roles below this table to see available roles.
`visible`	Optional	`true` or `false` Use this if you need a columns content but don't need to display the column itself. Example: Column A contains the full link to a ticket in your ticket system. Column B contains the ticket ID. You want to use the ticket ID as a label for the link, turning the long URL into a much nicer to read "Ticket 123". This is why you need the content of column B, to assign it as a label for column A. But since the URL is now displayed as the ticket ID, it would be redundant to still display column B. This is why you hide column B with `false`.

There are many different shapes you can use for your columns and the list of possible shapes gets expanded constantly:

Basic types, like: boolean, date, number, string
Currency types that get displayed with two decimal values and their currency symbol (for example $23,45), like: currency (generic currency), eur, gbp, usd
Data types, like: bytes, kilobytes, megabytes
Time types, like: seconds, milliseconds, timespan
The status type : state
Utility types, like:
customUnit
url (will be displayed as a link)

Tip:

Some shapes can be configured.

If a shape is configurable, you can edit how the shape displays data in SquaredUp.

See Configurable shapes

`id`	Used by data streams feeding the aggregate health stream to identify their Id column
`label`	A column containing user-friendly names. Line Graphs use this role to group data into series. so each label will get its own line in the Line Graph.
`link`	A column containing a link that can be used as a drilldown in Status Blocks.
`timestamp`	A column containing a date to use on the X -axis of a Line Graph.
`unitLabel`	A column containing user-friendly labels for data series, e.g. ‘Duration’. Line Graphs can use this role to label the Y-axis.
`value`	A column containing the numeric value you want to use in your visualization.

Example 3: Get Time-Series Data for Metric

Note: This Data Stream uses the Splunk Enterprise organization object and doesn't rely on objects coming from other data sources.

Which entry point do I have to select from the dropdown?

Splunk Enterprise Query (Scoped)

Code example:

{
  "name": "SplunkMpoolUsedMetric",
  "dataSourceConfig": {
    "query": "| mstats avg(\"spl.mlog.mpool.used\") WHERE \"index\"=\"_metrics\" span=60s chart=true"
  },
  "matches": { 
    "sourceType": { "type": "equals", "value": "Splunk Enterprise Organization" } 
  },
  "rowPath": [],
  "metadata": [
    { "name": "_time",                    "displayName": "Timestamp", "shape": "date",    "role": "timestamp" },
    { "name": "avg(spl.mlog.mpool.used)", "displayName": "Value",     "shape": "number",  "role": "value" }
  ]
}

name

Mandatory

The internal name of the data stream. Can be used the refer to this data stream in a tile's JSON instead of using the data stream's internal ID.

dataSourceConfig Parameters

query

Mandatory

You can use mustache parameters in the query.

ignoreTimeFrame

Optional

Tiles can be configured to:

Use dashboard timeframe (default). For these tiles the data shown will change when the user changes the dashboard timeframe.
Use a fixed timeframe from the options available. These tiles show a clock icon and hovering shows the fixed timeframe configured. The data will not change when the dashboard timeframe is changed.

Set a default dashboard timeframe

To set the default dashboard timeframe, click the pin icon

when using the dashboard timeframe picker. This sets the initial timeframe for all viewers of the dashboard, including shared dashboards.

matches Parameters

Note: Defining the matches parameter is mandatory.

Format for matches:

//If you want to specify only one value of an object property//
"matches": {
	"ObjectProperty": {
		"type": "equals",
		"value": "ValueOfTheObjectProperty"
	}
},
 
//If you want to specify multiple values for an object property//
"matches": {
	"ObjectProperty": {
 		"type": "oneOf",
		"values": ["ValueOfTheObjectProperty1", "ValueOfTheObjectProperty2", "ValueOfTheObjectProperty3"]
	}
},

Example for limiting a data stream to objects:

If you are using multiple values for the object property, you can decide if you want the data stream to be visible for objects that match all of the criteria or at least one of the criteria.

Lets say you have two values you want objects to have in order for the data stream to be visible for them:

a SourceName property with the value AppDynamics (meaning objects that come from the AppDynamics data source)
a type property with the value app (meaning application objects)

If you want the data stream to be visible only for objects that match both of the criteria, your code would look like this:

"matches": {
    "sourceName": {
      "type": "equals",
      "value": "AppDynamics"
    },
    "type": {
      "type": "equals",
      "value": "app"
    }
  },

If you want the data stream to be visible for objects that match at least one of the criteria, your code would look like this:

"matches": [
    {
        "sourceName": {
            "type": "equals",
            "value": "AppDynamics"
        }
    },
    {
        "type": {
            "type": "equals",
            "value": "app"
        }
    }
]

Note: If you run into errors when configuring the matches parameter, check if you're dealing with a global entry point.

Data streams can be either global or scoped:

Global data streams are unscoped and return information of a general nature (e.g. "Get the current number of unused hosts").
A scoped data stream gets information relevant to the specific set objects supplied in the tile scope (e.g. "Get the current session count for these hosts").

Global entry points can't use specific objects in the matches parameter. You can identify global entry points by their name, they have "Global", "No Scope" or "Unscoped" added to their name.

There are two possible options for the matches parameter for global entry points:

`"matches": "none",`	When creating a tile, the Data Stream will be shown as long as no scope is selected. As soon as a scope is selected, the Data Stream will be hidden.
`"matches": "all",`	When creating a tile, the Data Stream will be shown as soon as any scope is selected.

metadata Parameter

Optional, but recommended

The metadata parameters are used to describe columns in order to tell SquaredUp what to do with them. You can do multiple things with the metadata parameters:

Specify how SquaredUp should interpret the columns you return and - to an extent - how their content displayed. You do this by giving each column a shape.
The shape you assign to a column tells SquaredUp what the column contains (for example, a number, a date, a currency, a URL, etc.). Based on the shape SquaredUp decides how to display this column, for example to display a URL as a clickable link.
Filter out or just hide columns.
Only the columns you define in metadata will be returned in the results. This helps you to filter out columns you don't need. If you need the content of a column but don't want to display it, you can use the visible parameter.
Give columns a nicely readable display name.
Assign a specific role to columns .
The role you assign to a column tells SquaredUp the purpose of the column. For example, if you have two different columns that contain numbers, you need to assign the role value to the column that contains the actual value you want to use in your visualization.

Parameters:

Before you start specifying metadata, leave them empty at first and get all the raw data with your new data stream once.

In order to do this, finish creating your custom data stream without metadata and create a tile with this data stream. The Table visualization will show you all raw data.

Use this information to go back to the data stream configuration and specifying the metadata.

`name`	Mandatory	Enter the name of the column you are referencing here. To find the name of a column, get the data from this data stream once without any metadata. See the tip above for how to do that. You'll see the column name when you hover over the column in the Table.
`displayName`	Optional	Here you can give the column a user-friendly name
`shape`	Recommended	The shape you assign to a column tells SquaredUp what the column contains (for example, a number, a date, a currency, a URL, etc.). Based on the shape SquaredUp decides how to display this column, for example to display a URL as a clickable link. Note: Please refer to the list of shapes below this table to see available shapes.
`role`	Recommended	The role you assign to a column tells SquaredUp the purpose of the column. For example, if you have two different columns that contain numbers, you need to assign the role `value` to the column that contains the actual value you want to use in your visualization. Note: Please refer to the list of roles below this table to see available roles.
`visible`	Optional	`true` or `false` Use this if you need a columns content but don't need to display the column itself. Example: Column A contains the full link to a ticket in your ticket system. Column B contains the ticket ID. You want to use the ticket ID as a label for the link, turning the long URL into a much nicer to read "Ticket 123". This is why you need the content of column B, to assign it as a label for column A. But since the URL is now displayed as the ticket ID, it would be redundant to still display column B. This is why you hide column B with `false`.

There are many different shapes you can use for your columns and the list of possible shapes gets expanded constantly:

Basic types, like: boolean, date, number, string
Currency types that get displayed with two decimal values and their currency symbol (for example $23,45), like: currency (generic currency), eur, gbp, usd
Data types, like: bytes, kilobytes, megabytes
Time types, like: seconds, milliseconds, timespan
The status type : state
Utility types, like:
customUnit
url (will be displayed as a link)

Tip:

Some shapes can be configured.

If a shape is configurable, you can edit how the shape displays data in SquaredUp.

See Configurable shapes

`id`	Used by data streams feeding the aggregate health stream to identify their Id column
`label`	A column containing user-friendly names. Line Graphs use this role to group data into series. so each label will get its own line in the Line Graph.
`link`	A column containing a link that can be used as a drilldown in Status Blocks.
`timestamp`	A column containing a date to use on the X -axis of a Line Graph.
`unitLabel`	A column containing user-friendly labels for data series, e.g. ‘Duration’. Line Graphs can use this role to label the Y-axis.
`value`	A column containing the numeric value you want to use in your visualization.

Was this article helpful?

Have more questions or facing an issue?

Submit a ticket