Hi fellow Splunkies, and a good day to you,
I would like to know if following is possible:
Data base is historic data in a csv file. Total timerange of this data is two minutes.
Is it possible to show this data on a dashboard panel and make it look like it's real time data?
It's for a demo and I would like the data to flow in "realtime", during a time period of 2 minutes until all the data from the csv file is read.
I hope that somehow made sense.
Maybe an example could clarify that a bit more:
Let's assume we have a video of a car accelerating from 0 to 60, and this is happening, because we have a real shitty car, in 2 minutes.
As an overlay I would like to show the historic data of this acceleration in "real time" during the vid.
I appreciate any kind of idea 🙂
Please have a look at the following query, and adapt it to your needs.
| makeresults count=40 | eval high = 80 | eval low = 10 | eval val = round(((random() % high)/(high)) * (high - low) + low) | streamstats count as TheRecordNumber | eval time=_time-10*TheRecordNumber | eval _time=time | table _time,val
I did have a look at this app and already installed it, but I am not quite sure how to set this up after reading the tutorial http://splunk.github.io/eventgen/TUTORIAL.html
Still missing the option on delaying it to make it look like realtime
Firstly, I like the name of the question 🙂
You can sort of try to achieve this through a scripted input
You can execute a Python or a simple script and ask the script to pull and update the same index with a small time pause.
For example, say you have 50 data points in a 2-minute range, you can write a script that picks the first 10 data points in the first run, next 10 in the next run and so on.
Thank you for the fast answer, might you have an example of how to set this up?
So what is clear: set up an input stanza, and refer to the script in /bin.
then I would add stuff like
But how would I handle the interval you mentioned (50 data points, 10 per run)? What does the script have to look like?
Hi, I didn't know about the Eventgen app that @niketnilay mentions, check that out?
The settings to pick up discrete events will come in your base script, not Splunk, is the way I look at it.
So, assuming you have 50 data points, your shell script should pick up discrete values (10-20-20) in each run; Splunk will always execute the script in real time.
Since this is a demo you just need to let it run thrice; you can block it in your base script, say if the script is run more than 3 times 🙂
Just a generic idea...
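
A sketch of the scripted-input idea from the answers above, added here as an example and not posted by anyone in the thread. It goes slightly beyond "10 points per run": each run emits only the rows whose original offset has elapsed since the first run, so the `interval` of the input stanza just sets the granularity. The CSV columns (`offset_s`, `speed`), the state file name and the function name are assumptions, and the sourcetype is assumed to parse a leading epoch timestamp.

```python
import csv, io, json, os, sys, tempfile, time

# Constructed sample: seconds since the start of the recording, speed in mph.
SAMPLE_CSV = "offset_s,speed\n0,0\n30,14\n60,29\n90,45\n120,60\n"

def due_events(csv_text, state_path, now):
    """Return the events that became due since the previous run.

    The first run stores its own time as the replay start. A row is due once
    start + offset_s <= now and is emitted with that shifted timestamp, so the
    two-minute recording plays back over two minutes of wall-clock time.
    """
    state = {"start": now, "sent": 0}
    if os.path.exists(state_path):
        with open(state_path) as fh:
            state = json.load(fh)
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    events = []
    for row in rows[state["sent"]:]:
        event_time = state["start"] + float(row["offset_s"])
        if event_time > now:
            break  # not due yet; a later run picks it up
        events.append(f"{event_time:.3f} speed={row['speed']}")
    state["sent"] += len(events)
    with open(state_path, "w") as fh:
        json.dump(state, fh)  # checkpoint so the next run resumes here
    return events

if __name__ == "__main__":
    # Hypothetical state location; delete the file to restart the demo.
    state_file = os.path.join(tempfile.gettempdir(), "csv_replay_state.json")
    # Splunk indexes whatever a scripted input writes to stdout.
    for line in due_events(SAMPLE_CSV, state_file, time.time()):
        sys.stdout.write(line + "\n")
```

Once every row has been sent, further runs print nothing, which covers the "stop after N runs" guard suggested above.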