“You think Splunk will talk to Tableau?”
“What? I thought they didn’t get along!”
The human mind works in mysterious ways. I had been building visualizations in both Tableau and Splunk, and making comparisons was inevitable. I thought these were two tools that could be used alternatively.
Then, one fine day I came across this..
I had been so wrong.
Tableau has always been a visualization tool. Splunk on the other hand..allows you to build visualizations. Its USP however has always been its ability to handle huge amounts of machine data. These were now two star crossed lovers that were meant to be together. There was definitely a (ODBC) connection between the two.
It was this connection that opened a whole new world of possibilities.
Splunk does a brilliant job at handling all kinds of data you throw at it, and Tableau has been my go-to tool for building visualizations. Connecting the two allowed me to visualize my saved Splunk searches in Tableau. Talk about getting the best of both worlds.
This is the sample search I used to analyze all “Splunk searches” that happened over the past 30 days. Since all Splunk instances keep track of its audit logs, you can use this exact same search on your Splunk instance as well. I then built a simple visualization in both Splunk and Tableau using this saved search.
Splunk Search
index=_audit earliest = -30d@d action=search user=* | timechart span=1d count by info | fields - granted
Splunk Visualization
Tableau Visualization
See the difference?
Splunk visualizations are beautiful and get the job done in most cases, Tableau however gives you that added interactivity. Filters, hierarchy, grouping, forecasting, clustering are some of the features that make it such a popular and powerful visual analytics tool. But it’s Tableau’s amazing drag and drop interface that wins it for me. Building beautiful interactive visualizations has never been easier. Why is it so important? Better visualization dashboards mean meaningful insights, and meaningful insights lead to data-driven decision making.
But this is not just me talking, all this makes sense from a corporate standpoint as well. Tom might be your data guy, Dick might be the one who builds visualizations and Harry might be the business analyst. The Splunk – Tableau connection is like your mini business intelligence unit.
“Look, Splunk’s talking to Tableau. They seem to be hitting it off.”
“They sure do look good together!”