- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: How I visualize my data mentioned
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How I visualize my data mentioned
Hello Experts
My script written in perl is returning output in following format
12/5/13
4:10:05.000 AM
SERVER INBUFFER OUTBUFFER
Server9J 6 0
Server3 0 0
Server1 6 0
Server4 0 0
Now I wanted to visualize this output, how I can do this
- First How inbuffer/outbuffer count varying for a specifc server with time, To understand the spike of inbuffer/outbuffer for a specific time
- Display current status of each server in as per inbuffer/outbuffer in dashboard.
Kindly suggest how I can do this.
Best regards,
Yadvendra
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks a lot Nils,
For the clarifications!
The scripts written puts the results to standard output not on a file.
As this script is witten by me only, I can modify its output to other format as well.
What could be correct output format of this data so that I can easyly visualise this data in splunk.
I can also write this data like below:
SERVER=Server9J, INBUFFER=7, OUTBUFFER=5
SERVER=Server1, INBUFFER=2, OUTBUFFER=7
SERVER=Server2, INBUFFER=3, OUTBUFFER=9
SERVER=Server3, INBUFFER=15, OUTBUFFER=14
Will this help to visualize the data?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First i have to say that, as far as i know, there's no way in putting both the in and out buffer for al servers in one graph(it would get verry messy). so my example forces the user to make two pannels, one for the Inbuffer and one for the outbuffer. Here's my approach to the problem:
it depends on the filetype of the output. Splunk can read many different types of files but has it's limits (although they're hard to find). What i do know is that if it's a .txt file or something similar, you should be able to perform field extractions on the contents of the file.
this way you can tag Server9J as a sourcetype. INBUFFER and OUTBUFFER as a field. Although i'm not sure if splunk can read your files like that with the tabs instead of an "=". I myself have not tried it.
when splunk is recognizing the fields an sourcetypes you can compose a fairly easy searchstring to start building your dashboards/graphs/piecharts etc.
If you want a graph showing the In/Out buffer on a graph over time, the string i would write would look a little bit like this(although the prerequisuite is that you put all the sourcetypes in one index):
index="INDEXNAME" | timechart count by YOURFIELDEXTRACTION
with this string, splunk wil look in the index where you have put all your servers as sourcetype and will count all your In/Out buffers, if you indexed it correctly and configured the field extractions properly you should get a nice graph.
you can mail me for further questions.
I hope i helped.
-Nils
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
