Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Add additional ad-hoc data (one time input) to create graphs in dashboard

abhivar3
New Member
‎06-21-2018 06:26 AM

Hello Guys,

I am splunk end user and have limited access to splunk app UI, I am quite new to this and would require your help.
Our admin team gets the data loaded into our splunk app from our servers, from that data I have created dashboard which has graphs for various things.

But the log does not contain certain information for which I want to create graph so would like to supply this new raw data manually. I searched online and can see this can be done by adding/installing add-ons but as I said I have limited access.

Can anyone suggest how can I achieve same?
I came across Text input [tokens], is it possible to supply my data in some format in the text input box and then create a graph out of it. For example I have to create graph of some ticket count per day, I can supply data in below format and would like to create a bar chart showing ticket count per day.

01.05.2018:3|02.05.2018:12|03.05.2018:21|04.05.2018:41|05.05.2018:12|06.05.2018:22|07.05.2018:51|08.05.2018:5

Any help will be much appreciated.

0 Karma
Reply

somesoni2
Revered Legend
‎06-21-2018 08:44 AM

How about you put this data in a lookup file and upload to Splunk? (you should've access to create private lookups) You can use a text input as well but it will have limited input string length and there would a further restriction of browser's URL length. For reference, here is what your search would look like if using text input to get that colon/pipe separate data

| gentimes start=-1 | eval temp="$YourToken$" | table temp | makemv temp delim="|" | mvexpand temp | rex field=temp "(?<Date>.+)\:(?<count>.+)" | eval _time=strptime(Date,"%m.%d.%Y") | timechart span=1d sum(count) as count
0 Karma
Reply

abhivar3
New Member
‎06-22-2018 12:40 AM

Thanks somesoni2 for your suggestion, let me try both of these out. Will come back to you with updates.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...