Manage Dashboards

Security Requirements and Controls

When using an existing dashboard within your LogScale instance, you can choose to navigate around the dashboard view, change, share and alter the dashboard, and configure the dashboard access.

Access Existing Dashboards

Security Requirements and Controls

If you need to access previously created dashboards to consult them or edit them, first check your permissions: you might not have the permissions to some of the repositories or views containing those dashboards.

To access existing dashboards across all repositories and views:

  1. Click the All Dashboards tab from the top menu bar to get the full list of existing dashboards: for example, one entry in the list could be humio-metrics / Errors where humio-metrics is the name of the repository and Errors is the dashboard name within that repository.

    Access Existing Dashboards

    Figure 126. Access Existing Dashboards


  2. Select the desired dashboard by clicking the title after the slash: the dashboard and all its widgets will load (clicking the first item instead redirects you to the Search tab in that repository).

Tip

Click the star icon next to a dashboard to save it as favorite: it will go on top of the list for quicker access and will appear under Starred Dashboards in the main User Interface.

Main Operations

Click the three-dot menu on the upper right corner of a dashboard to perform the following operations:

  • Wall Monitors & Shared URLs — allows to share read-only dashboards. See Sharing Dashboards section below for more details.

  • Duplicate — creates an identical dashboard. You are prompted to provide:

    • Dashboard Name is the name you assign to the copied dashboard.

    • Target Repository or View is the repository or view where you want to store your copied dashboard.

  • Export as PDF report — allows you to export the dashboard in PDF with several print options such as add the dashboard title in the header or the time window it was executed, set it as portrait or landscape, etc.

    For more information, see Export Dashboards as PDF.

  • Asset sharing — allows you to give another user or group access to read, edit, or delete dashboards.

    For more information, see Permissions for dashboards.

  • Rename — allows you to change the name of the existing dashboard.

  • Export as template — allows you to create a template from the current dashboard, which you may reuse for new empty dashboards, as explained in Create Dashboards and Widgets.

  • Delete — deletes the dashboard and all associated widgets. Removal of a dashboard cannot be undone. To create a backup of the dashboard, consider using the Export as template option to keep a copy of the dashboard and its configuration.

Dashboard Options

Figure 127. Dashboard Options


The same dropdown menu is also available by clicking the cog icon in the list of all dashboards (see Figure 126, “Access Existing Dashboards”) or through the three-dot menu next to each dashboard in a given repository, see Figure 121, “Dashboards Tab”.

Sharing Dashboards

Security Requirements and Controls

Dashboards can be shared using a unique URL. Dashboards shared in this way are read only and can be used to share the dashboard with others, or when using the dashboard as part of a wall monitor. A shared dashboard does not need to authenticate and does not rely on sessions as users do, so sharing should be done with care as everyone with the link will be able to see the dashboard (if an IP filter is set, users need to be within the IP range).

To share dashboards in this way:

  1. Access the dropdown menu in the Query Editor.

  2. A dialog box will open — enter a name in the Link Name field.

  3. Queries run by the dashboard can either be executed on behalf of the organization or on behalf of the user who created the shared dashboard. For more information, see Organization Owned Queries.

  4. If the Dashboard security policies has not enforced an organization-wide IP filter, an optional IP filter can be selected. If the security policy enforces an IP filter, you will see the IP filter next to the Active dashboard URL. See IP Filters.

Disabling Access to Shared Dashboards

Security Requirements and Controls

  • Update dashboards permission

Because shared dashboards are accessible to anyone who has a link to them, there is a risk of unwanted information disclosure; therefore, in some cases you might want to prevent certain users from accessing these dashboards. You can do this in two ways:

  • Set the variable SHARED_DASHBOARDS_ENABLED configured to false to keep dashboards sharing disabled across the entire cluster. This configuration disables the + Create new link button.

  • Disable dashboard sharing via the UI — see Dashboard security policies for details.

When trying to access a shared dashboard that has been disabled afterward, two possible cases apply:

  • Users opened a shared dashboard before it became unavailable, meaning the dashboard is running — they are presented with an error and the dashboard changes status to reflect this. Furthermore, if access to that dashboard is re-enabled, it will come back for these users, without any manual intervention needed.

  • Users attempt to open a link to a shared dashboard after it became unavailable — they do not get any error message and it will look like it isn't a real dashboard. If the dashboard is re-enabled, these users will need to manually refresh the page to see the dashboard.

Restricting Access with IP Filters

Security Requirements and Controls

Once you have created read-only dashboards with the option Wall Monitors & Shared URLs, you can restrict their access to certain IP addresses only.

See Dashboard security policies for instructions on how to enable read-only dashboards for sharing. For information on limiting dashboard access to certain IPs only, see IP Filters.

Permissions for dashboards

Security Requirements and Controls

Sometimes you might want to collaborate with another user on a dashboard, but that user does not have permission to dashboards in the view. If you have permissions to do so, you can grant permissions to that user to edit and delete a particular dashboard in a view. For more information about asset permissions, see Asset permissions.

If you do not have Change user access permission on the repository, you will see a list of users only (no groups) that already have at least Read permissions on the repository. You can select from these users and give them more permissions (up to the same permissions you have).

To grant access to edit or delete a dashboard to another user or group:

Show:

The creator of an asset and regular users can share the same permissions that they have to the asset with users who already have read access to the view. You cannot share access with users who do not have read access to the view. You cannot share access with groups at all.

  1. Click ⋮ next to the dashboard you want to share and select Asset sharing.

  2. In the Users and groups with access window you see users who currently have access to the dashboard and what access they have.

  3. Click Share dashboard.

  4. Click to select the user to get additional permissions. Note that you can only see users who already have read permission to the view. Click Next.

  5. Select the appropriate permissions to assign. Click Grant permissions.