Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a dashboard view with status indicators on a bubble graph?

bkumarm
Contributor
‎12-06-2015 06:41 AM

I have a view that is thought to be useful for providing a information to our users.
I have no idea if this can be achieved in Splunk.
The need is that we display the failure points based on log data and then user should be able to drill down on click at that point.
Also it would be great if an error message can be displayed too.

alt text

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎12-06-2015 08:31 AM

You will need this app for that https://splunkbase.splunk.com/app/1603/

View solution in original post

Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎12-06-2015 08:31 AM

You will need this app for that https://splunkbase.splunk.com/app/1603/

Reply
Solved! Jump to solution

bkumarm
Contributor
‎12-06-2015 08:27 AM

Here is some sample data that can be used for generating this view.
File1 belongs to App1
File2 belongs to App2
File3 belongs to App3

the application status should be shown based on the failures. Fails are identified by an Error() string.
Note that the third file is a Error dump and not actually a structured log.

File1:

Mon Nov 16 2015 08:26:51 [0x00350016][mgmt][notice] source-mq(CommonBinaryPassthrough): tid(111): Service installed on port,414d512050423120202020565d7c2320099b2a, Error(Invalid Data)
Mon Nov 16 2015 08:26:51 [0x00350014][mgmt][notice] source-mq(CommonMsgPassthrough): tid(111): Operational state up,414d5120505344322020202006f84f53cd9bb002, Error()
Mon Nov 16 2015 08:26:51 [0x00350014][mgmt][notice] mpgw(CommonBinaryPassthrough): tid(111): Operational state up,414d5120505344322020202006f84f53cd9bb002, Error()
Mon Nov 16 2015 08:26:51 [0x80e00344][mq][notice] mq-qm(Common_EAIT): tid(9171729): Connection succeeded,414d512050423120202020565d7c2320099b2a, Error(URL ….)
Mon Nov 16 2015 08:26:51 [0x80e00344][mq][notice] mq-qm(Common_EAIT): tid(9171633): Connection succeeded,414d51205042312020202055a1b9d422a6e502, Error()
Mon Nov 16 2015 08:26:51 [0x00350016][mgmt][notice] source-mq(CommonDataPassthrough): tid(111): Service installed on port, Error(" Could not get response")
Mon Nov 16 2015 08:26:51 [0x00350014][mgmt][notice] source-mq(CommonBinaryPassthrough): tid(111): Operational state up, Error(" Invalid Data found")

File2:

07:27:52.820',X'414d5120505344322020202006f84f53cd9bb002',X'414d51205042513157452055c28d792f442e8f',6,'TEST.MSG.TEST1'
2015-11-16 07:28:00.176457,'TEST.MSG.TEST2',NULL,X'414d512050423120202020565d7c2320099b2a',X'414d51205042513157452055c28d792f442e8f'
2015-11-16 07:28:00.178487,'TEST.MSG.TEST3',NULL,X'414d5120505344322020202006f84f53cd9bb002',X'414d512050425131574544312020202055c28d792f442e8f'
2015-11-16 07:28:02.709618,'TEST.MSG.TEST1',DATE '2015-11-16' GMTTIME '07:28:00.950',X'414d5120505344322020202006f84f53cd9bb002',X'414d51205042513157452055c28d792f442e8f',6
2015-11-16 07:28:04.066394,'TEST.REPLY',NULL,NULL,NULL,NULL,X'414d5120505344322020202006f84f53cd9bb002',X'414d51205042513157452055c28d792f442e8f'
2015-11-16 07:40:31.533186,'TEST.MSG.TEST1 '2015-11-16' GMTTIME '07:40:31.510',X'414d51205042312020202055a1b9d422a6e502',X'000000000000000000000000000000000000000000000000',4,''

File3:

******* MessageID: X'414d5120505344322020202006f84f53cd9bb002' *******
******* 2015-11-03 11:26:29.663561 TEST.MSG.TEST1 *******
( ['APP1' : 0x11d1f2b0]
  (0x01000000:Name):RecoverableException = (
    (0x03000000:NameValue):File                 = '/mypath/Comptest.cpp' (CHARACTER)
    (0x03000000:NameValue):Line                 = 497 (INTEGER)
    (0x03000000:NameValue):Function             = 'test' (CHARACTER)
    (0x03000000:NameValue):Type                 = 'TestNode' (CHARACTER)
    (0x03000000:NameValue):Name                 = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Label                = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Catalog              = 'msgs' (CHARACTER)
    (0x03000000:NameValue):Severity             = 3 (INTEGER)
    (0x03000000:NameValue):Number               = 2230 (INTEGER)
    (0x03000000:NameValue):Text                 = 'Caught exception and rethrowing' (CHARACTER)
)
)
******* MessageID: X'414d51205042312020202055a1b9d422a6e502' *******
******* 2015-11-03 11:26:45.663461 TEST.MSG.TEST2 *******
( ['APP2' : 0x11d1f2b1]
  (0x01000000:Name):RecoverableException = (
    (0x03000000:NameValue):File                 = '/mypath/Comptest.cpp' (CHARACTER)
    (0x03000000:NameValue):Line                 = 497 (INTEGER)
    (0x03000000:NameValue):Function             = 'test' (CHARACTER)
    (0x03000000:NameValue):Type                 = 'TestNode' (CHARACTER)
    (0x03000000:NameValue):Name                 = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Label                = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Catalog              = 'msgs' (CHARACTER)
    (0x03000000:NameValue):Severity             = 3 (INTEGER)
    (0x03000000:NameValue):Number               = 2230 (INTEGER)
    (0x03000000:NameValue):Text                 = 'Caught another exception and rethrowing' (CHARACTER)
0 Karma
Reply
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...