Dashboards
Dashboards refer to the interchangeable widget-based user interfaces on the Dashboards page, Analyze page, Cases page, and Reports page. Predefined dashboards are available for these pages, but you can also create, customize, and save additional dashboards to accommodate your different information needs.
When you first log in to the Web Console, the Dashboards page displays. This is your main view for reviewing real-time Events data as it is processed through LogRhythm SIEM in easy-to-read charts and graphs that automatically update their displays to reflect changes in live data. The Web Console can display up to the last 250,000 Events (approximately) in the cache.
If you are logged in as a restricted user, the Processing Rate gauge, Trend chart, Component Status widget, System Database Usage widget, and Threat Activity Map do not appear on the Dashboards page. Global Admins can set Management Permissions in the Client Console to allow Restricted Admins view permissions for the Database Usage, Component Status, and Processing widgets.
The name next to the Dashboard icon on the upper-right side of the relevant pages tells you which dashboard displays.

Event Dashboards vs. Data Indexer Dashboards
There are two types of dashboards that can be created within the Web Console: Event dashboards and Data Indexer (DX) dashboards. While Event dashboards can be useful to display information about small datasets contained within the Web Console cache, a DX dashboard may be required to query larger datasets over longer periods without requiring logs to be classified as “events.”
Data Indexer dashboards are only available to users with LogRhythm SIEM version 7.20 or higher.
Refer to this table for more information on the differences between the two types of dashboards:
Dashboard | Description |
---|---|
Event Dashboard | Uses Event data stored in the Web Console cache. To populate a widget, the data must be available in both the Event dashboard and the cache. |
Data Indexer Dashboard | Query larger datasets over longer periods without requiring logs to be classified as “events.” Uses all log data in the Data Indexer to populate widgets, providing greater dashboard flexibility. DX dashboards allow you to add up to 10 individual TopX widgets with separate queries, and visualize up to 30 days of data. DX dashboards also include a refresh setting, allowing you to determine how often the widgets on the dashboard update with new information. This timeframe can be set to as small as one minute or as large as 24 hours. Because of the potentially large datasets involved in generating DX dashboards, widgets may take an extended period of time to load depending on the size of your environment and the amount of data being requested. This can impact performance of the DX on older HDD-based models; therefore, Exabeam recommends using an SSD for all DX data. To help alleviate this issue, the number of widgets on a DX dashboard is limited to 10 or fewer. |
Public vs. Private Dashboard Layouts
Public dashboards can be accessed by all Web Console users, but only Global Administrators can create or modify them. A private dashboard view can be accessed and viewed only by the individual user who created it. Permission to create and manage private dashboards extends to all users.
You can download Dashboards by going to the LogRhythm Community and clicking the Shareables link on the menu at the top of the page. The filters allow you to choose from supported and unsupported Dashboards, as well as ones created by LogRhythm or by other users.