All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Could Splunk make an EKG Stripchart?

fblau
Explorer
‎02-04-2015 08:53 PM

I have a raspberry pi with a heart sensor on it for generating EKG data. My program spits out about 1000 points per second, which I can run a 10 point simple moving average on to get a decent picture of the EKG signal. I export the data to a file and can plot it in Excel and it looks just like it should.

I was wondering if Splunk could show a realtime EKG like a strip chart... so I set up a TCP listener and pump the data out to it... but for some reason, I can't figure out a search/chart pattern that displays anything vaguely resembling the signal data.

Is this too much data, too fast, for Splunk to handle?

Any ideas?

Tags (1)
0 Karma
Reply

inode
Explorer
‎02-05-2015 12:23 AM

Can you shows us a sample of the log as well as a sample graph?

I'm afraid you simply graph it using Splunk's default "line chart".

0 Karma
Reply

fblau
Explorer
‎02-05-2015 11:52 AM

Hmm... I thought Splunk put the timestamp on when it was received, but I suppose I can too... just needs to be at the sub-second level.

0 Karma
Reply

inode
Explorer
‎02-05-2015 12:26 PM

That's true, Splunk adds one at index time, but the time this happens depends on how you are consuming the data (over network, local/remote file/dir monitoring, etc) and the frequency/polling between updates. Whenever there is a new measure, the file gets updated or is it done in bigger chunks?

I believe it's is "safer" to rely on -your- timestamp, especially giving that that might exist a delay between any stage of data transport, especially if it's over the network, etc.

0 Karma
Reply

inode
Explorer
‎02-05-2015 11:48 AM

Don't you have any time-value available on the log/line? If you don't have the exact time of the measurement, then you would just have the time when the file itself was generated, right?

0 Karma
Reply

fblau
Explorer
‎02-05-2015 11:35 AM

The log is just a file of one line per reading, between 0 and 5.. eg:

1.798631
1.446725
1.368524
1.446725
1.70088
2.057673
2.42913
2.683285
2.702835
2.487781
2.135875
1.798631
1.524927
1.368524
1.388074
1.568915
1.88172
2.253177
2.585533
2.722385
2.585533
2.272727
1.901271
1.608016
1.427175
1.388074
1.524927
1.798631
2.174976
2.546432
2.781036
2.722385

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...