Splunk for non-streaming data (structured)



I will be using Splunk for non-streaming information. The reason I am using Splunk is a) my company already has licenses and b) the power of transforming data into visualizations.

I am using a Postgres database. I expect to update Splunk with new data 1-3 times a day, as the information does not change frequently. The biggest goal is visualization of employee timesheets and project man hours for executive decisions on ROI and financial considerations.

I am looking for recommended blogs/articles/documents/books on using Splunk for business analysis, but without the focus on streaming data.

Does anyone have any good resources, or can share their own insights?

Super Champion

I'm not sure if you're using Splunk DB Connect yet, but if you're looking at using Postgres data with Splunk, I'm sure you are. If not, this is a lifesaver for using Splunk to visualize DB data.

Next, D3 visualizations and other Splunkbase visualizations are key. Seriously.
A favorite visualization of mine. This is great to visualize timesheets if you're logging by project. The "y-axis" can be employee and each color of the Gantt chart is a project. It really honestly depends on how the timesheets are logged (if they have start/end times or just logged hours/week).

Tons of visualizations are available here. All D3, so you need to add them to the app's folder, but this makes Splunk really customizable.

If you're going to .conf2018, I could talk your ear off on this topic. This is my world. Also, you can find me on Slack if you want to talk more.