Dashboards & Visualizations

How to fake real time data on dashboard panel?

dkeck
Influencer

Hi fellow splunkies, and a good day to you,

I would like to know if following is possible:

Data base is historic data in a csv file. Total timerange of this data is two minutes.

Is it possible to show this data on a dashboard panel and make it look like it's real time data?

It's for a demo and I would like the data to flow in "realtime", during a time period of 2 minutes until all the data from the csv file is read.

I hope that somehow made sense.

Maybe an example could clarify that a bit more:

Let's assume we have a video of a car accelerating from 0 to 60, and this is happening, because we have a real shitty car, in 2 minutes.

As an overlay I would like to show the historic data of this acceleration in "real time" during the vid.

I appreciate any kind of idea 🙂

Thank you

David

0 Karma

poete
Builder

Hello @dkeck,

please have a look at the following query, and adapt it to your needs.

| makeresults count=40 
| eval high = 80
| eval low = 10
| eval val = round(((random() % high)/(high)) * (high - low) + low)
| streamstats count as TheRecordNumber
| eval time=_time-10*TheRecordNumber
| eval _time=time
| table _time,val

0 Karma

niketn
Legend

@dkeck, you can use Eventgen app which does exactly the same.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

dkeck
Influencer

I did have a look at this app and already installed it, but I am not quite sure how to set this up after reading the tutorial http://splunk.github.io/eventgen/TUTORIAL.html

Still missing the option on delaying it to make it look like realtime

0 Karma

Sukisen1981
Champion

Firstly, I like the name of the question 🙂
You can sort of try to achieve this through a scripted input
https://docs.splunk.com/Documentation/Splunk/7.3.1/AdvancedDev/ScriptSetup
https://docs.splunk.com/Documentation/Splunk/7.3.1/AdvancedDev/ScriptedInputsIntro
You can execute a Python or a simple script and ask the script to pull and update the same index with a small time pause.
For example, say you have 50 data points in a 2 minutes range, you can write a script that picks the first 10 data points in the first run, next 10 in the next run and so on..

0 Karma

dkeck
Influencer

Thank you for the fast answer, do you perhaps have an example of how to set this up?

What is clear: set up an input stanza and refer to the script in /bin.

[script://$SPLUNK_HOME/etc/apps/<appName>/bin/starter_script.sh]

then I would add stuff like

index=
host=
sourcetype=
etc.

But how would I handle the interval you mentioned (50 data points, 10 per run)? What does the script have to look like?

0 Karma

Sukisen1981
Champion

Hi, I didn't know about the Eventgen app that @niketnilay mentions, check that out?
The settings to pick up discrete events will come in your base script, not Splunk, is the way I look at it.
So, assuming you have 50 data points, your shell script should pick up discrete values (10-20-20) in each run; Splunk will always execute the script in real time.
Since this is a demo, you just need to let it run thrice; you can block it in your base script, say, if the script is run more than 3 times 🙂
Just a generic idea...

0 Karma
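One way to write the batch-per-run script discussed in this thread, as an added example that is not code from any of the posters: each run prints the next 10 CSV rows to stdout, re-based to the current time, and remembers its position in an offset file. The function names, the file names, the `time` column in epoch seconds, the key="value" output format and the sample data are all assumptions made for the illustration.

```python
"""Scripted-input replay: every run prints the next batch of CSV rows to stdout."""
import csv
import os
import time


def write_sample(csv_path, rows=50, span=120.0):
    """Constructed sample data: speed readings from 0 to 60 over `span` seconds."""
    with open(csv_path, "w", newline="") as fh:
        out = csv.writer(fh)
        out.writerow(["time", "speed"])
        for i in range(rows):
            out.writerow([round(i * span / (rows - 1), 3), round(60 * i / (rows - 1), 1)])


def next_batch(csv_path, state_path, batch_size=10, now=None):
    """Return the next `batch_size` rows as event lines and advance the saved offset."""
    now = time.time() if now is None else now
    offset = 0
    if os.path.exists(state_path):
        with open(state_path) as fh:
            offset = int(fh.read().strip() or 0)
    with open(csv_path, newline="") as fh:
        rows = list(csv.DictReader(fh))
    batch = rows[offset:offset + batch_size]
    if not batch:
        return []  # file fully replayed: later runs emit nothing
    # Shift timestamps so the newest row lands on "now"; row spacing is kept.
    shift = now - float(batch[-1]["time"])
    lines = []
    for row in batch:
        ts = float(row.pop("time")) + shift
        fields = " ".join(f'{key}="{value}"' for key, value in row.items())
        lines.append(f"{ts:.3f} {fields}")
    # Write the new offset via a temp file so an interrupted run cannot corrupt it.
    tmp_path = state_path + ".tmp"
    with open(tmp_path, "w") as fh:
        fh.write(str(offset + len(batch)))
    os.replace(tmp_path, state_path)
    return lines


if __name__ == "__main__":
    base = os.path.splitext(os.path.abspath(__file__))[0]  # assumed: files sit beside the script
    if not os.path.exists(base + ".csv"):
        write_sample(base + ".csv")  # constructed demo data, only if no CSV is present
    for line in next_batch(base + ".csv", base + ".offset"):
        print(line)
```

In the script stanza, the `interval` setting controls how often Splunk runs the script, so setting it to roughly the time span one batch covers keeps the replay at the recorded pace. Deleting the offset file restarts the replay from the first row.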