Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Creating a Splunk Dashboard by writing Splunk query

ngwodo
Path Finder
‎09-25-2020 09:06 AM

This is the 2 splunk query that I have:

| tstats latest(_time) as latest where index=* earliest=-48h by host
| eval minutesago=round((now()-latest)/60,0)

| tstats latest(_time) as latest where index=* earliest=-10m by host
| eval minutesago=round((now()-latest)/60,0)

 

I need the Splunk Query to do the following:

 

The log feeds by the actual device products instead of just IPs.

Deeper review of the logs by sourcetypes and sources (not just index=*) given that some tools are sending multiple feeds that are stored on  the same index files.

Tracking short term and long term outages instead of just last 10 min and last 24 hrs.

The use of charts to show visual state of the devices health check instead of tables.

Line charts to show logs feeds baseline vs spikes for last 24hrs/7d/30d.

Ability to drill down under specific stats.

Assets pivoting from an IP/hostname to show full device info (there are multiple lookup tables that have the necessary data).

 

Please I need your help with the splunk query to do the above task.

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-25-2020 09:20 AM

Did you not get the magic wand with your starter pack?

You have a lot of requirements there. Start with the one you think is easiest and build from there. The more you play with splunk and your data, the better you will understand both, and the more you will be able to do with both. Alternatively, find a budget and hire some professional services.

0 Karma
Reply

ngwodo
Path Finder
‎09-27-2020 07:15 PM

Thanks the starter pack works. I am working on building on it since I have more broader requirements.

0 Karma
Reply

ngwodo
Path Finder
‎09-25-2020 09:24 AM

Please is there anyway you can assist me with any of those?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-25-2020 09:29 AM

Of those requirements, I would probably start by counting the number of log entries per hour or minute and chart that. Then you will get an idea of the shape of the data you are receiving. Then decide what useful information you want out of that.

0 Karma
Reply

ngwodo
Path Finder
‎09-27-2020 07:13 PM

Thanks for your help. I will work on it and probably may have questions. Thanks again.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...