Dashboards & Visualizations

How to create a dashboard view with status indicators on a bubble graph?

bkumarm
Contributor

I have a view that is thought to be useful for providing a information to our users.
I have no idea if this can be achieved in Splunk.
The need is that we display the failure points based on log data and then user should be able to drill down on click at that point.
Also it would be great if an error message can be displayed too.

alt text

0 Karma
1 Solution

sundareshr
Legend

sundareshr
Legend

You will need this app for that https://splunkbase.splunk.com/app/1603/

bkumarm
Contributor

Here is some sample data that can be used for generating this view.
File1 belongs to App1
File2 belongs to App2
File3 belongs to App3

the application status should be shown based on the failures. Fails are identified by an Error() string.
Note that the third file is a Error dump and not actually a structured log.

File1:

Mon Nov 16 2015 08:26:51 [0x00350016][mgmt][notice] source-mq(CommonBinaryPassthrough): tid(111): Service installed on port,414d512050423120202020565d7c2320099b2a, Error(Invalid Data)
Mon Nov 16 2015 08:26:51 [0x00350014][mgmt][notice] source-mq(CommonMsgPassthrough): tid(111): Operational state up,414d5120505344322020202006f84f53cd9bb002, Error()
Mon Nov 16 2015 08:26:51 [0x00350014][mgmt][notice] mpgw(CommonBinaryPassthrough): tid(111): Operational state up,414d5120505344322020202006f84f53cd9bb002, Error()
Mon Nov 16 2015 08:26:51 [0x80e00344][mq][notice] mq-qm(Common_EAIT): tid(9171729): Connection succeeded,414d512050423120202020565d7c2320099b2a, Error(URL ….)
Mon Nov 16 2015 08:26:51 [0x80e00344][mq][notice] mq-qm(Common_EAIT): tid(9171633): Connection succeeded,414d51205042312020202055a1b9d422a6e502, Error()
Mon Nov 16 2015 08:26:51 [0x00350016][mgmt][notice] source-mq(CommonDataPassthrough): tid(111): Service installed on port, Error(" Could not get response")
Mon Nov 16 2015 08:26:51 [0x00350014][mgmt][notice] source-mq(CommonBinaryPassthrough): tid(111): Operational state up, Error(" Invalid Data found")

File2:

07:27:52.820',X'414d5120505344322020202006f84f53cd9bb002',X'414d51205042513157452055c28d792f442e8f',6,'TEST.MSG.TEST1'
2015-11-16 07:28:00.176457,'TEST.MSG.TEST2',NULL,X'414d512050423120202020565d7c2320099b2a',X'414d51205042513157452055c28d792f442e8f'
2015-11-16 07:28:00.178487,'TEST.MSG.TEST3',NULL,X'414d5120505344322020202006f84f53cd9bb002',X'414d512050425131574544312020202055c28d792f442e8f'
2015-11-16 07:28:02.709618,'TEST.MSG.TEST1',DATE '2015-11-16' GMTTIME '07:28:00.950',X'414d5120505344322020202006f84f53cd9bb002',X'414d51205042513157452055c28d792f442e8f',6
2015-11-16 07:28:04.066394,'TEST.REPLY',NULL,NULL,NULL,NULL,X'414d5120505344322020202006f84f53cd9bb002',X'414d51205042513157452055c28d792f442e8f'
2015-11-16 07:40:31.533186,'TEST.MSG.TEST1 '2015-11-16' GMTTIME '07:40:31.510',X'414d51205042312020202055a1b9d422a6e502',X'000000000000000000000000000000000000000000000000',4,''

File3:

******* MessageID: X'414d5120505344322020202006f84f53cd9bb002' *******
******* 2015-11-03 11:26:29.663561 TEST.MSG.TEST1 *******
( ['APP1' : 0x11d1f2b0]
  (0x01000000:Name):RecoverableException = (
    (0x03000000:NameValue):File                 = '/mypath/Comptest.cpp' (CHARACTER)
    (0x03000000:NameValue):Line                 = 497 (INTEGER)
    (0x03000000:NameValue):Function             = 'test' (CHARACTER)
    (0x03000000:NameValue):Type                 = 'TestNode' (CHARACTER)
    (0x03000000:NameValue):Name                 = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Label                = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Catalog              = 'msgs' (CHARACTER)
    (0x03000000:NameValue):Severity             = 3 (INTEGER)
    (0x03000000:NameValue):Number               = 2230 (INTEGER)
    (0x03000000:NameValue):Text                 = 'Caught exception and rethrowing' (CHARACTER)
)
)
******* MessageID: X'414d51205042312020202055a1b9d422a6e502' *******
******* 2015-11-03 11:26:45.663461 TEST.MSG.TEST2 *******
( ['APP2' : 0x11d1f2b1]
  (0x01000000:Name):RecoverableException = (
    (0x03000000:NameValue):File                 = '/mypath/Comptest.cpp' (CHARACTER)
    (0x03000000:NameValue):Line                 = 497 (INTEGER)
    (0x03000000:NameValue):Function             = 'test' (CHARACTER)
    (0x03000000:NameValue):Type                 = 'TestNode' (CHARACTER)
    (0x03000000:NameValue):Name                 = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Label                = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Catalog              = 'msgs' (CHARACTER)
    (0x03000000:NameValue):Severity             = 3 (INTEGER)
    (0x03000000:NameValue):Number               = 2230 (INTEGER)
    (0x03000000:NameValue):Text                 = 'Caught another exception and rethrowing' (CHARACTER)
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...