Dashboards & Visualizations

How to create a dashboard view with status indicators on a bubble graph?

bkumarm
Contributor

I have a view that is thought to be useful for providing a information to our users.
I have no idea if this can be achieved in Splunk.
The need is that we display the failure points based on log data and then user should be able to drill down on click at that point.
Also it would be great if an error message can be displayed too.

alt text

0 Karma
1 Solution

sundareshr
Legend

sundareshr
Legend

You will need this app for that https://splunkbase.splunk.com/app/1603/

bkumarm
Contributor

Here is some sample data that can be used for generating this view.
File1 belongs to App1
File2 belongs to App2
File3 belongs to App3

the application status should be shown based on the failures. Fails are identified by an Error() string.
Note that the third file is a Error dump and not actually a structured log.

File1:

Mon Nov 16 2015 08:26:51 [0x00350016][mgmt][notice] source-mq(CommonBinaryPassthrough): tid(111): Service installed on port,414d512050423120202020565d7c2320099b2a, Error(Invalid Data)
Mon Nov 16 2015 08:26:51 [0x00350014][mgmt][notice] source-mq(CommonMsgPassthrough): tid(111): Operational state up,414d5120505344322020202006f84f53cd9bb002, Error()
Mon Nov 16 2015 08:26:51 [0x00350014][mgmt][notice] mpgw(CommonBinaryPassthrough): tid(111): Operational state up,414d5120505344322020202006f84f53cd9bb002, Error()
Mon Nov 16 2015 08:26:51 [0x80e00344][mq][notice] mq-qm(Common_EAIT): tid(9171729): Connection succeeded,414d512050423120202020565d7c2320099b2a, Error(URL ….)
Mon Nov 16 2015 08:26:51 [0x80e00344][mq][notice] mq-qm(Common_EAIT): tid(9171633): Connection succeeded,414d51205042312020202055a1b9d422a6e502, Error()
Mon Nov 16 2015 08:26:51 [0x00350016][mgmt][notice] source-mq(CommonDataPassthrough): tid(111): Service installed on port, Error(" Could not get response")
Mon Nov 16 2015 08:26:51 [0x00350014][mgmt][notice] source-mq(CommonBinaryPassthrough): tid(111): Operational state up, Error(" Invalid Data found")

File2:

07:27:52.820',X'414d5120505344322020202006f84f53cd9bb002',X'414d51205042513157452055c28d792f442e8f',6,'TEST.MSG.TEST1'
2015-11-16 07:28:00.176457,'TEST.MSG.TEST2',NULL,X'414d512050423120202020565d7c2320099b2a',X'414d51205042513157452055c28d792f442e8f'
2015-11-16 07:28:00.178487,'TEST.MSG.TEST3',NULL,X'414d5120505344322020202006f84f53cd9bb002',X'414d512050425131574544312020202055c28d792f442e8f'
2015-11-16 07:28:02.709618,'TEST.MSG.TEST1',DATE '2015-11-16' GMTTIME '07:28:00.950',X'414d5120505344322020202006f84f53cd9bb002',X'414d51205042513157452055c28d792f442e8f',6
2015-11-16 07:28:04.066394,'TEST.REPLY',NULL,NULL,NULL,NULL,X'414d5120505344322020202006f84f53cd9bb002',X'414d51205042513157452055c28d792f442e8f'
2015-11-16 07:40:31.533186,'TEST.MSG.TEST1 '2015-11-16' GMTTIME '07:40:31.510',X'414d51205042312020202055a1b9d422a6e502',X'000000000000000000000000000000000000000000000000',4,''

File3:

******* MessageID: X'414d5120505344322020202006f84f53cd9bb002' *******
******* 2015-11-03 11:26:29.663561 TEST.MSG.TEST1 *******
( ['APP1' : 0x11d1f2b0]
  (0x01000000:Name):RecoverableException = (
    (0x03000000:NameValue):File                 = '/mypath/Comptest.cpp' (CHARACTER)
    (0x03000000:NameValue):Line                 = 497 (INTEGER)
    (0x03000000:NameValue):Function             = 'test' (CHARACTER)
    (0x03000000:NameValue):Type                 = 'TestNode' (CHARACTER)
    (0x03000000:NameValue):Name                 = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Label                = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Catalog              = 'msgs' (CHARACTER)
    (0x03000000:NameValue):Severity             = 3 (INTEGER)
    (0x03000000:NameValue):Number               = 2230 (INTEGER)
    (0x03000000:NameValue):Text                 = 'Caught exception and rethrowing' (CHARACTER)
)
)
******* MessageID: X'414d51205042312020202055a1b9d422a6e502' *******
******* 2015-11-03 11:26:45.663461 TEST.MSG.TEST2 *******
( ['APP2' : 0x11d1f2b1]
  (0x01000000:Name):RecoverableException = (
    (0x03000000:NameValue):File                 = '/mypath/Comptest.cpp' (CHARACTER)
    (0x03000000:NameValue):Line                 = 497 (INTEGER)
    (0x03000000:NameValue):Function             = 'test' (CHARACTER)
    (0x03000000:NameValue):Type                 = 'TestNode' (CHARACTER)
    (0x03000000:NameValue):Name                 = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Label                = 'TEST_MSG' (CHARACTER)
    (0x03000000:NameValue):Catalog              = 'msgs' (CHARACTER)
    (0x03000000:NameValue):Severity             = 3 (INTEGER)
    (0x03000000:NameValue):Number               = 2230 (INTEGER)
    (0x03000000:NameValue):Text                 = 'Caught another exception and rethrowing' (CHARACTER)
0 Karma
Get Updates on the Splunk Community!

Explore the Latest Educational Offerings from Splunk [January 2025 Updates]

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...