Skip to content

Add Buttercup Enterprises Operations Dashboard (Dashboard Studio)#5

Draft
dd-Splunk wants to merge 1 commit into
mainfrom
cursor/buttercup-dashboard-f27d
Draft

Add Buttercup Enterprises Operations Dashboard (Dashboard Studio)#5
dd-Splunk wants to merge 1 commit into
mainfrom
cursor/buttercup-dashboard-f27d

Conversation

@dd-Splunk

@dd-Splunk dd-Splunk commented Jun 19, 2026

Copy link
Copy Markdown
Owner

Summary

Adds a shipped Dashboard Studio view for the Buttercup Enterprises workshop (SA-S4R), with five panels aligned to the S4R SPL catalog and the requested multi-team layout.

Dashboard

  • Path: SA-S4R/default/data/ui/views/buttercup_operations_dashboard.xml
  • Title: Buttercup Enterprises — Operations Dashboard
  • Background: Indigo #791CF8 (RGB 121, 28, 248)
  • Time range: Last hour (-1h,now) via global time picker
  • Refresh: 1 minute (refresh: 1m, refreshType: delay)

Panels

# Title Visualization SPL source
1 IT Ops - Web Server Status Codes Over Time Stacked column timechart count by status limit=10
2 DevOps - Top 20 Customer Platforms Horizontal bar top limit=20 platform
3 DevOps - Browser Failures Over Time Line status>=400 | timechart … useragent
4 Business Analytics - Lost Revenue from Failed Purchases Area action=purchase status>=400 | lookup … | timechart sum(product_price)
5 Security & Fraud - Geographic Activity Heat Map Map (bubble/geostats) iplocation clientip | geostats count by City

Supporting changes

  • props.conf: EXTRACT-platform so DevOps platform panel works without manual Lab 4 field extraction
  • default.meta: View ACL limited to admin, sc_admin, power, and user roles (revenue/geo panels are on this restricted view)
  • nav/default.xml: Nav link + indigo app chrome color
  • scripts/validate-s4r-dashboard-queries.sh: Runs all five panel queries via Splunk MCP splunk_run_query
  • make validate-s4r-dashboard: Makefile wrapper for the validation script

How to verify (local Splunk)

make up
make validate-s4r-dashboard

Open Splunk Web → Splunk4Rookies app → Buttercup Enterprises — Operations Dashboard.

Notes

  • Splunk MCP was not available in the cloud agent environment (no Docker/Splunk). Panel SPL matches docs/S4R-SPL-CATALOG.md; validate live with make validate-s4r-dashboard after make up.
  • Panel-level ACL within a single Dashboard Studio view is limited; sensitive panels are protected via view-level role ACL. Split views or role-specific apps if finer-grained access is required in production.
Open in Web Open in Cursor 

@cursoragent @dd-Splunk
Add Buttercup Operations Dashboard for SA-S4R workshop
4d62cd1 
Ship a Dashboard Studio view with five team panels (IT Ops, DevOps,
Business Analytics, Security & Fraud) using canonical SPL from the S4R
catalog. Default time range is the last hour with one-minute refresh.

Also add platform field extraction for DevOps panels, nav entry, view
ACL metadata, and an MCP validation script (make validate-s4r-dashboard).

Co-authored-by: D. Dessy (Splunk) <ddessy@splunk.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dd-Splunk @cursoragent