Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Could Splunk make an EKG Stripchart?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could Splunk make an EKG Stripchart?
I have a raspberry pi with a heart sensor on it for generating EKG data. My program spits out about 1000 points per second, which I can run a 10 point simple moving average on to get a decent picture of the EKG signal. I export the data to a file and can plot it in Excel and it looks just like it should.
I was wondering if Splunk could show a realtime EKG like a strip chart... so I set up a TCP listener and pump the data out to it... but for some reason, I can't figure out a search/chart pattern that displays anything vaguely resembling the signal data.
Is this too much data, too fast, for Splunk to handle?
Any ideas?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you shows us a sample of the log as well as a sample graph?
I'm afraid you simply graph it using Splunk's default "line chart".
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm... I thought Splunk put the timestamp on when it was received, but I suppose I can too... just needs to be at the sub-second level.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's true, Splunk adds one at index time, but the time this happens depends on how you are consuming the data (over network, local/remote file/dir monitoring, etc) and the frequency/polling between updates. Whenever there is a new measure, the file gets updated or is it done in bigger chunks?
I believe it's is "safer" to rely on -your- timestamp, especially giving that that might exist a delay between any stage of data transport, especially if it's over the network, etc.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Don't you have any time-value available on the log/line? If you don't have the exact time of the measurement, then you would just have the time when the file itself was generated, right?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The log is just a file of one line per reading, between 0 and 5.. eg:
1.798631
1.446725
1.368524
1.446725
1.70088
2.057673
2.42913
2.683285
2.702835
2.487781
2.135875
1.798631
1.524927
1.368524
1.388074
1.568915
1.88172
2.253177
2.585533
2.722385
2.585533
2.272727
1.901271
1.608016
1.427175
1.388074
1.524927
1.798631
2.174976
2.546432
2.781036
2.722385
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
May 2026 Splunk Expert Sessions: Security & Observability
Network to App: Observability Unlocked [May & June Series]
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
