Hello!
I am a bit of a lurker here. I am considering using Splunk as both the frontend and backend for a support crew telemetry website for a yacht race.
The boats transmit frequent but irregular telemetry data.
Given the competitive nature of the endeavour security is a paramount concern 😉
As the support crews are not necessarily IT literate, I propose that the site is basically one big dashboard, with very limited access to the underlying Splunk functionality.
So, here's the question(s):
Do I need to replicate the dashboard/ app across each of the relevant indices? Or can I use the same app across each of the relevant indices?
If I have to replicate the dashboard across each, is there some easy way to abstract the source data from the dashboard? What I mean, is that if I have index="boat1", index="boat2", etc, do I have to change all my queries, or can I have app1 written to expect a source of "boat_telemetry1 and abstract/ or 'rename' in one place boat1= boat_telemetry1, boat10=boat_telemetry2, etc? Does that make sense?
Given the irregular nature of the comms, is there anything I should bear in mind?
Any advice appreciated.
OB.
PS. I'm considering ammaps. Has anyone used it for non-IP location data?
OB.