Getting Data In

Adding (hostname) field to Uptime Monitoring / Status Overview Dash

archersplunk
Explorer

What would be the best way to add 'hostname' field to the 'Status Overview' dash under Uptime Monitoring. I noticed under 'Data Inputs' / 'Ping' , a name(hostname) exists as new hosts are added. Would there be a way to join this field over into my data for 'Uptime Monitoring'? Been at this a while and seems like the answer is much more simple then I'm looking at this. Thanks.

0 Karma
1 Solution

mledford
Explorer

Assuming the columns for your lookup table are titled "dest" and "hostname" and your lookup is named "hostnameLookup.csv" you would add the following to your search: " | lookup hostnameLookup.csv dest OUTPUT hostname

Complete search:
sourcetype="ping_input"
| stats sparkline(avg(avg_ping)) as sparkline_ping avg(avg_ping) as ping max(max_ping) as max_ping latest(packet_loss) as packet_loss latest(_time) as last_checked range(avg_ping) as range min(avg_ping) as min by dest
| search
| eval ping=round(ping, 0)." ms"
| eval average=round(avg_ping, 0)." ms"
| eval maximum=round(max_ping, 0)." ms"
| eval range=round(min, 0)." - ".round(min+range, 0)." ms"
| eval packet_loss=if(max_ping="NA",100,packet_loss)
| lookup hostnameLookup.csv dest OUTPUT hostname
| table dest hostname packet_loss last_checked ping max_ping range sparkline_ping
| timesince(last_checked,last_checked)
| sort -ping

View solution in original post

mledford
Explorer

Assuming the columns for your lookup table are titled "dest" and "hostname" and your lookup is named "hostnameLookup.csv" you would add the following to your search: " | lookup hostnameLookup.csv dest OUTPUT hostname

Complete search:
sourcetype="ping_input"
| stats sparkline(avg(avg_ping)) as sparkline_ping avg(avg_ping) as ping max(max_ping) as max_ping latest(packet_loss) as packet_loss latest(_time) as last_checked range(avg_ping) as range min(avg_ping) as min by dest
| search
| eval ping=round(ping, 0)." ms"
| eval average=round(avg_ping, 0)." ms"
| eval maximum=round(max_ping, 0)." ms"
| eval range=round(min, 0)." - ".round(min+range, 0)." ms"
| eval packet_loss=if(max_ping="NA",100,packet_loss)
| lookup hostnameLookup.csv dest OUTPUT hostname
| table dest hostname packet_loss last_checked ping max_ping range sparkline_ping
| timesince(last_checked,last_checked)
| sort -ping

archersplunk
Explorer

Thank you so much for this answer as it was 99% of the key to my resolution. The other 1% was adding in an 'as' to reference the IP field from the lookup to my data, then OUTPUT that to the newly created field

|lookup hostnameLookup.csv IP as dest OUTPUT hostname

Worked perfect and could not have done it without your awesomeness.

Thank you!

nplamondon
Communicator

We're going to need more information to work with. For starters, what app are you working in? What have you tried? What isn't working? Screenshots are often helpful, too.

archersplunk
Explorer

Thanks for your response and I apologize for lack of clarity.

I am working in the 'Network Toolkit' App under the 'Status Overview' portion to provide ICMP monitoring for various hosts.
Currently the 'Status Overview' provides a 'dest' field that contains an IP address, and I would like to create an additional 'hostname' field respectively for easier reference with the IP of a particular host.

Splunk support has provided me with a suggestion in creating a lookup which contains an IP address and Hostname imported via CSV file for each host. I've managed to create a lookup, but trying to use the 'inputlookup' command is failing for me probably because I am a noob and not using it correctly.

An additional option is under 'Settings' / 'Data Inputs' / 'Ping' . Within this dash there is a 'name' field which is populated entering a new host from this dash. If I could somehow grab that field from here and merge with the data in the 'Status Overview' dash , that could work too.

Any assist would be greatly appreciated on this. Btw I tried importing screen snips but don't see where to import within this.

  • Thanks
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Splunk Enterprise Security 8.0 revolutionizes the SOC workflow experience from the ground up. Now security ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...