My script written in perl is returning output in following format
SERVER INBUFFER OUTBUFFER
Server9J 6 0
Server3 0 0
Server1 6 0
Server4 0 0
Now I wanted to visualize this output, how I can do this
Kindly suggest how I can do this.
Thanks a lot Nils,
For the clarifications!
The scripts written puts the results to standard output not on a file.
As this script is witten by me only, I can modify its output to other format as well.
What could be correct output format of this data so that I can easyly visualise this data in splunk.
I can also write this data like below:
SERVER=Server9J, INBUFFER=7, OUTBUFFER=5
SERVER=Server1, INBUFFER=2, OUTBUFFER=7
SERVER=Server2, INBUFFER=3, OUTBUFFER=9
SERVER=Server3, INBUFFER=15, OUTBUFFER=14
Will this help to visualize the data?
First i have to say that, as far as i know, there's no way in putting both the in and out buffer for al servers in one graph(it would get verry messy). so my example forces the user to make two pannels, one for the Inbuffer and one for the outbuffer. Here's my approach to the problem:
it depends on the filetype of the output. Splunk can read many different types of files but has it's limits (although they're hard to find). What i do know is that if it's a .txt file or something similar, you should be able to perform field extractions on the contents of the file.
this way you can tag Server9J as a sourcetype. INBUFFER and OUTBUFFER as a field. Although i'm not sure if splunk can read your files like that with the tabs instead of an "=". I myself have not tried it.
when splunk is recognizing the fields an sourcetypes you can compose a fairly easy searchstring to start building your dashboards/graphs/piecharts etc.
If you want a graph showing the In/Out buffer on a graph over time, the string i would write would look a little bit like this(although the prerequisuite is that you put all the sourcetypes in one index):
index="INDEXNAME" | timechart count by YOURFIELDEXTRACTION
with this string, splunk wil look in the index where you have put all your servers as sourcetype and will count all your In/Out buffers, if you indexed it correctly and configured the field extractions properly you should get a nice graph.
you can mail me for further questions.
I hope i helped.