All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Does anyone have example on how to do basic analysis with Splunk & R Project App?

dougdaly
New Member
‎09-09-2014 06:46 AM

The R Project app w/ Splunk is intriguing, but though the examples look ok, I'd like an example "Hello World +" script to get going. Does anyone have something like the following:
1. Perform search which has several fields
2. Pipe result into R where a couple fields of the fields are used.
3. Pipe output back to Splunk for visualization based on R analysis and other searched data.

Sounds simple, huh? Really appreciate the example!

Thank you.

Tags (2)
0 Karma
Reply

dougdaly
New Member
‎09-21-2014 09:43 PM

Here's a simple R-script that worked w/ Splunk. In short, start with a Splunk table, which becomes an R data frame. In my case, I crunched the data as a matrix and converted back to a data frame. Returned the data frame back to Splunk, which is viewed as a Splunk table.

splunk_demo <- function(data_input)
{

define the time factor

Time <- data.frame(as.POSIXct(unique(data_input$X_time),origin = "1970-01-01"))
names(Time) = "Time"

order input data by CLIENT, Time

data_input <- data_input[order(data_input$CLIENT, data_input$X_time),]

define labels based on CLIENT

s <- sort(unique(data_input$CLIENT))

convert input data to matrix for analysis

data_raw <- matrix(data_input$c_ok, ncol=length(s))

apply recursive filter to each input -- define filtered data

scale <- 0.25
data_out <- rbind(data_raw[seq(from=10, to=1, by=-1),],data_raw)
data_out <- filter(data_out* scale, (1-scale), "recursive")

define labels for the filtered data

s_out <- matrix(paste(s,"est",sep="-"),ncol=length(s))

data_out<- data.frame(data_out)
names(data_out) <- s_out

define output table

#raw data has matrix of counts
output <- cbind(Time ,data_out)
return(output)
}

0 Karma
Reply
Get Updates on the Splunk Community!

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...

How to Send Splunk Observability Alerts to Webex teams in Minutes

As a Developer Evangelist at Splunk, my team and I are constantly tinkering with technology to explore its ...