Grafana

Humio has built-in support for dashboards, but if you are using Grafana for visualizing your data from different sources and would prefer to keep everything in Grafana you can use Humio’s Grafana plugin.

If you’re interested in contributing to the further development of the plugin, please look at the documentation found on the plugin’s GitHub repository.

Installing the plugin

  1. Download the latest version of the plugin from the our list of releases.
  2. Unzip the downloaded file, humio2grafana.zip. This yields the humio2grafana folder, which you must place into the data/plugins directory in your Grafana install directory. Note that the default install directory varies by OS
    • Linux: /var/lib/grafana/
    • MacOS: /usr/local/var/lib/grafana/
    • Windows: C:\Program Files\GrafanaLabs\grafana\
  3. Restart your Grafana service.

Building the plugin

You may need to build the plugin yourself if a release hasn’t already been made available with the newest updates, or if you’re testing out an experimental branch of the repository.

  1. Run git clone git@github.com:humio/humio2grafana.git
  2. Run cd humio2grafana
  3. Run yarn install to install dependencies
  4. Run yarn run grafana-toolkit plugin:dev to build the plugin and place it in the dist folder

From this point you can install the plugin for use with Grafana as explained above.

Setting up a Humio data source

Before you can populate your dashboards with Humio data, you must register a Humio data source to your Grafana instance by following these steps:

  1. Log in to your Grafana instance through the browser.
  2. Go to Configuration > Data Sources.
  3. Click Add data source.
  4. Choose the Humio data source from the list.
    • The plugin will be marked as unsigned, as it is not officially sponsored by Grafana. However this doesn’t affect usage of the plugin.
  5. Name your data source
  6. Input the Url of your Humio instance
  7. Configure how to authenticate against Humio. There are several options.
    1. Using one of the many default configuration options provided by Grafana under Auth.
    2. Using a Humio token under Humio Token Authentication.
  8. Click Save & Test. You’ll get a “Success” message if the plugin was able to connect to your Humio instance.

Notes on Authentication

The type of authentication you choose for your data source depends on your use case. If you authenticate via token, which is tied to a specific Humio user, all Grafana users will authenticate against Humio as the same Humio user. Thus it is a good option, if you do not need to differentiate between users within Grafana with regards to Humio.

However if you do need to differentiate your users, it is advisable to use authentication without the use of a Humio token, such as OAuth forwarding. This will allow Grafana users to interact with the Humio data source as their own Humio user.

Adding a New Humio panel to a Dashboard

To add a Humio panel to a dashboard, simply add a new panel widget and select your new Humio data source as the panel’s data source. You can then write regular Humio queries for the panel to populate it with data.

Widget types

Grafana offers many different types of widgets to display data queried from Humio. Depending on the type of widget you choose, your query is expected to return a certain data format to populate it. The data format returned by a query depends on the last function in its pipeline. For instance, given the query: groupby(...) | count(), the data format returned is decided by count(). In this example, count() returns a single data point.

In the following, we give some examples that work well with the different widget types. This is not an exhaustive list, but is meant as a starting point.

Graph

The graph widget is suited for showing time-series data. Use the timechart() function to return data formatted for this widget.

Table

The table widget is suited for showing tabular data. Use the table() function to return data formatted for this widget.

Stat/Gauge/Bar Gauge

These widgets are suited for showing a single metric across different groups of data. Use the groupby() function to return data formatted for this widget.

Singlestat

The Singlestat widget is suited for showing a single number. You can populate it with functions that return a single datapoint such as count().

Worldmap

The Worldmap widget is very useful for showing locational data, but it is not included in the standard Grafana installation. You can install it as a plugin from its plugin page.

To populate your widget use the worldmap() function. As an example, if you want to decide location by ip use worldmap(ip={your ip field here}). Given this query, the widget must be configured in the following manner to be shown correctly

Field Value
Location Data Table
Aggregation Total
Table Query Format geohash
Location Name Field geohash
Metric Field magnitude
Geohash Field geohash

Query Variables

The plugin supports populating Grafana variables using Humio queries. Both aggregate and filter queries can be used to populate a variable. In addition to the query, you must provide: * The Humio repo to query * The name of the event field in the returned events to extract the variable contents from

You must press the Execute Humio Query button on the variables screen to query Humio for variable values and get a set of variable values to appear on the bottom of the screen.

We support both the All and Multi-Value feature for query variables. When a variable evaulates to more than one value in a query, it will interpolated to the format /^val1|val2...|valN$/, so you need to keep account of that in your queries.

Annotations

The plugin supports annotations based on Humio filter queries. Given the return of a filter query, each event will be turned into an annotation and its @timestamp field will define where in time to place the annotation.

In addition to the query you also need to define: * The Humio repo to query * The name of the event field in the returned events to extract the annotation text from

Annotations are applied dashboard-wide, as Grafana doesn’t yet support the option of doing Annotations for individual panels.

Note that Grafana variables may be used in annotation queries.

Tips

Use a saved query

It is a good idea to create and maintain the queries you use in your Grafana dashboards in Humio’s own UI Then create Saved Queries for them and call them by name in Grafana instead of writing the entire query in Grafana. This way you have all your queries collected in one place.

Example

Create a query in Humio’s UI and give it the name “MyQuery”

#source=console.log loglevel=ERROR | timechart()

Then from Grafana call it by name

$MyQuery()

Use live queries

A live Humio query can be used to continuously update a Grafana dashboard over time. To activate live queries on your dashboard, make sure that its time range is set relative to the present point in time and that automatic refresh of the dashboard has been activated.

As an example, set the time range to be last 10 minutes and the refresh rate to be 1m.

Configuring the bar gauge

Grafana’s bar gauge widget is still in beta, so it may not always behave as you expect. Here are a few tips to help configure the widget.

Ensuring Visibility of Gauge Names

The default behavior of the widget is to only show the names of gauges when there is more than one gauge on the chart. You may however find that you want to have your gauges named, even there is only a single one.

To do this go to the Visualization tab of the widget and enter ${__series.name} into the Title field.

Ensuring proportionality between gauges

Grafana may “zoom in” on gauges in the widget, meaning that the smallest gauge becomes a lot shorter than the rest of the gauges. If you want to “zoom out” this view, and have some more accurate proportions, try and set the min field to 0 under the Visualization tab.

Using Filter Queries

Please note that Humio filter queries can be used with variables and annotations. The standard result size of filter queries will always be 200 events. If you need more events from a query, append | tail(x) to your query, where x is the number of returned events. This default limit is in place because it is very easy for even simple queries on medium-sized Humio repos to have results that are several GB in size. Such a sizable result is usually not helpful and is likely to crash the Grafana frontend in your browser. Therefore, we leave the return size up to the user, and we urge you to try to be as specific with your queries as possible.

For more information