Hello!
I am a bit of a lurker here. I am considering using Splunk as both the frontend and backend for a support crew telemetry website for a yacht race.
The boats transmit frequent but irregular telemetry data.
Given the competitive nature of the endeavour security is a paramount concern 😉
As the support crews are not necessarily IT literate, I propose that the site is basically one big dashboard, with very limited access to the underlying Splunk functionality.
So, here's the question(s):
- For security reasons, I propose to allocate a separate index to each boat. Is this the best approach?
- For simplicity, let's say there are two types of telemetry data, depending on the boats' equipment. I'm going to develop two dashboards, each displaying optimum information based on the raw data.
Do I need to replicate the dashboard/ app across each of the relevant indices? Or can I use the same app across each of the relevant indices?
If I have to replicate the dashboard across each, is there some easy way to abstract the source data from the dashboard? What I mean, is that if I have index="boat1", index="boat2", etc, do I have to change all my queries, or can I have app1 written to expect a source of "boat_telemetry1 and abstract/ or 'rename' in one place boat1= boat_telemetry1, boat10=boat_telemetry2, etc? Does that make sense?
Given the irregular nature of the comms, is there anything I should bear in mind?
Any advice appreciated.
OB.
PS. I'm considering ammaps. Has anyone used it for non-IP location data?
OB.
