How to generate a chart to display how often a device is sending a log to Splunk?

rogueakula
Explorer

I am looking to see how often all of my devices are sending logs to Splunk. We recently applied a hotfix and it seems that it has seriously degraded the number of logs, and the frequency that they are being received. I would like to graph it to see if they were indeed affected by this patch. Thanks!

-Josh

0 Karma

mattymo
Splunk Employee

I recommend you take a look at meta woot! https://splunkbase.splunk.com/app/2949/

It is a great app and provides many useful views that help trend events, license usage, and indexing by host, sourcetype and index.

It leverages a scheduled tstats search to a summary index. That will allow you to trend your events and license over time, and can even form the basis of alerting on hosts that have gone missing or are indexing behind or ahead.

You could effectively do the same thing with a simple tstats command like:

| tstats prestats=t count by host, _time
| timechart count by host 

Which should work quick and dirty, but meta woot! will provide a better experience over time without re-inventing the wheel.

- MattyMo
0 Karma
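
To put a number on the change the question asks about, the search below compares each host's event rate before and after the hotfix. It is an added example, not part of either post and not taken from the Meta Woot! app. Assumptions: the patch timestamp is a constructed placeholder to replace with the real install time, the time picker is set to a bounded window that spans the patch (for example the last 14 days), `index=*` should be narrowed to the indexes the devices log to, and the field names `period`, `events_per_hour` and `pct_change` are made up for this example.

```spl
| tstats count where index=* by host, _time span=1h
| addinfo
| eval patch_time = strptime("2024-01-15 02:00:00", "%Y-%m-%d %H:%M:%S")
| eval period = if(_time < patch_time, "before", "after")
| eval period_hours = if(period="before", (patch_time - info_min_time) / 3600, (info_max_time - patch_time) / 3600)
| stats sum(count) as events, max(period_hours) as hours by host, period
| eval events_per_hour = round(events / hours, 2)
| xyseries host period events_per_hour
| fillnull value=0 before after
| eval pct_change = if(before > 0, round((after - before) / before * 100, 1), null())
| sort pct_change
```

The rate is divided by the full length of each period rather than by the number of hourly buckets returned, because tstats emits no row for an hour in which a host sent nothing. A host that went completely silent after the patch therefore shows `after=0` and `pct_change=-100` at the top of the results.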