Solved: Service health dashboard

linusconcepcion · ‎07-23-2011

I have several services sending their logs over to splunk.

I'd like to generate a daily dashboard report that looks like the one at the bottom of this page:
http://status.aws.amazon.com/

Basically, all the rows would be my various services. The columns would be the last 5-10 days. There would be a green, yellow, or red mark in the cells depending on the number of ERRORs that appear on the logs.

Is a report like this possible?

gkanapathy · ‎07-23-2011

yes, though it's slightly easier to do it in Splunk with the rows and columns the other way:

source=mylogs earliest=-5d@d  "ERROR" | timechart span=1d count by ServiceName

And then display it with the "heatmap" overlay. To transpose:

source=mylogs earliest=-5d@d  "ERROR" | timechart span=1d count by ServiceName | fieldformat _time=strftime("%Y-%m-%d", _time) | transpose

View solution in original post

gkanapathy · ‎07-23-2011

yes, though it's slightly easier to do it in Splunk with the rows and columns the other way:

source=mylogs earliest=-5d@d  "ERROR" | timechart span=1d count by ServiceName

And then display it with the "heatmap" overlay. To transpose:

source=mylogs earliest=-5d@d  "ERROR" | timechart span=1d count by ServiceName | fieldformat _time=strftime("%Y-%m-%d", _time) | transpose

linusconcepcion · ‎07-24-2011

This works fine. Thanks!

linusconcepcion · ‎07-24-2011

Thank you. I'll give this a shot and mark this as the answer if it works.

Service health dashboard

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

Everything Community at .conf24!

Index This | I’m short for "configuration file.” What am I?