
Does anyone have example on how to do basic analysis with Splunk & R Project App?

New Member

The R Project app w/ Splunk is intriguing, but though the examples look ok, I'd like an example "Hello World +" script to get going. Does anyone have something like the following:
1. Perform search which has several fields
2. Pipe result into R where a couple of the fields are used.
3. Pipe output back to Splunk for visualization based on R analysis and other searched data.

Sounds simple, huh? Really appreciate the example!

Thank you.

0 Karma

Re: Does anyone have example on how to do basic analysis with Splunk & R Project App?

New Member

Here's a simple R-script that worked w/ Splunk. In short, start with a Splunk table, which becomes an R data frame. In my case, I crunched the data as a matrix and converted back to a data frame. Returned the data frame back to Splunk, which is viewed as a Splunk table.

```r
splunk_demo <- function(data_input)
{
  # order input data by CLIENT, Time
  data_input <- data_input[order(data_input$CLIENT, data_input$X_time),]

  # define the time factor (sorted so it lines up with the ordered rows)
  Time <- data.frame(as.POSIXct(sort(unique(data_input$X_time)), origin = "1970-01-01"))
  names(Time) = "Time"

  # define labels based on CLIENT
  s <- sort(unique(data_input$CLIENT))

  # convert input data to matrix for analysis (one column per CLIENT;
  # this assumes every CLIENT has a row for every time value)
  data_raw <- matrix(data_input$c_ok, ncol=length(s))

  # apply recursive filter to each input -- define filtered data
  # the first 10 rows are mirrored in front of the data as a warm-up
  scale <- 0.25
  data_out <- rbind(data_raw[seq(from=10, to=1, by=-1),], data_raw)
  data_out <- stats::filter(data_out * scale, (1-scale), "recursive")

  # define labels for the filtered data
  s_out <- matrix(paste(s,"est",sep="-"),ncol=length(s))

  # drop the 10 warm-up rows so the row count matches Time again
  data_out <- data.frame(data_out)[-seq_len(10), , drop=FALSE]
  rownames(data_out) <- NULL
  names(data_out) <- s_out

  # define output table
  # raw data has matrix of counts
  output <- cbind(Time, data_out)
  return(output)
}
```

0 Karma
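
Added example, not part of the original answer: the same recursive filter, but with the table pivoted by value instead of by row position, so a client with a missing time bucket or a search returning fewer than 10 rows does not misalign the columns. The `events` sample is constructed, `ewma_by_client` is a hypothetical name, and treating a missing row as a count of 0 is an assumption.

```r
# Constructed sample in the shape of the Splunk table used above:
# X_time (epoch seconds), CLIENT, c_ok. Client "b" has no row at t = 120.
events <- data.frame(
  X_time = c(0, 60, 120, 180, 0, 60, 180),
  CLIENT = c("a", "a", "a", "a", "b", "b", "b"),
  c_ok   = c(10, 12, 11, 40, 5, 6, 7)
)

# Hypothetical helper: smooth c_ok per client with the recursive filter
# y[t] = scale * x[t] + (1 - scale) * y[t - 1]
ewma_by_client <- function(data_input, scale = 0.25, warmup = 10) {
  # Pivot to a time x client matrix keyed by value, not by row position
  raw <- tapply(data_input$c_ok,
                list(data_input$X_time, data_input$CLIENT), sum)
  raw[is.na(raw)] <- 0          # assumption: a missing row means a count of 0

  # Mirror the first rows in front of the series so the filter does not
  # start from zero; never mirror more rows than exist
  n <- min(warmup, nrow(raw))
  padded <- rbind(raw[seq(n, 1), , drop = FALSE], raw)
  est <- stats::filter(padded * scale, 1 - scale, method = "recursive")

  # Back to a plain matrix, then drop the warm-up rows again
  est <- matrix(as.numeric(est), ncol = ncol(raw))
  est <- est[-seq_len(n), , drop = FALSE]
  colnames(est) <- paste(colnames(raw), "est", sep = "-")

  # One row per time bucket: raw counts next to their filtered estimates
  time <- as.POSIXct(as.numeric(rownames(raw)), origin = "1970-01-01", tz = "UTC")
  data.frame(Time = time, raw, est, check.names = FALSE, row.names = NULL)
}

print(ewma_by_client(events))
```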