Hi All,
I have a simple .txt file with fixed length CSV strings. 4 characters of each string represents a room number and 2 characters room temperature. I have added the data input and can do searches on the file.
The Visualization tab - quick reports just shows me the number of occurrences of the fields and the Dashboard tab presents a gauge, but how can I equate the data in the fields to the value on the gauge?
Are there any instructions to show me how to get from there to present the temperature on one of the dashboard gauges (there would have to be a lookup table from the 4 / 2 characters to indicate the room number, temperature). The Dashboard section of the Search and Reporting pdf is blank.
Regards
Active
Let's back up a bit. I am assuming that the temperature file gets updated periodically so you definitely should not be using Lookups
to generate ad-hoc events, you should setup a monitor
on your files with inputs.conf
to continuously generate events as soon as a new file full of them is written. If your file's content does not contain timestamps, perhaps the files' names do and you can get the timestmap from the filename and use datetime.xml
to assign tempstamps to each event in the file. If not, you can use DATETIME_CONFIG = CURRENT
to use the timestmap of the Indexer when it indexes the event for the timestamp of each temperature measurement event. You can read more about getting (timestamped) data into Splunk here:
http://docs.splunk.com/Documentation/Splunk/6.2.4/Data/WhatSplunkcanmonitor
Once that is done if you are sure that you are going to use dashboard visualizations, the vast majority of these use either the chart
or timechart
command so familiarize yourself with these and you will be off and running. Both of these commands automatically populate and jump to the "Visualization" tab and from there you can click on the pen icon to change the visualization type to suit your preferences.
Thanks Woodcock
I'll investigate chart and timechart (it wasn't clear to me how to form a dashboard from my data).
The monitor part is already working (I use the Splunk front end to set up an auto-monitor of my .txt file which is being updated by the temperature sensors every half hour). I note that Splunk datetime stamps each record anyway but I will include a datetime input on each row once I get a basic dashboard working.
Regards
Active.
Great, be sure to come back and update this question with your findings so we can be sure to close it out.
Can you share some of the data including the csv header?