Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Report and a dashboard

viji261992
Explorer
‎10-06-2018 12:57 AM

Our splunk is receiving events from network devices, which contains hostname, eventuei="error reason", eventtime.
1. I need to create a report which display the hostname, corresponding error reason , eventtime and no. of alerts generated
2. I need to create a dashboard with device name in the x-axis no. of alerts in the y-axis
3. A complete dashboard which shows total no. of hosts in my company, no. of hosts working fine, no. of hosts are down based on error reason

Tags (1)
0 Karma
Reply

soumyasaha25
Contributor
‎10-09-2018 06:09 AM
  1. index=opennms sourcetype=event | stats values(eval(strftime(_time,"%Y-%m-%dT%H:%M:%S"))) as time_new list(nodeid) as hostname count by eventuei Note: The assumption here is that you have the hostnames in the field "nodeid"
  2. index=opennms sourcetype=event | stats values(nodeid) as hostname count by eventuei | fields - eventuei after running this search go to the visualization tab and select chart type as "clolumn chart" and then save it as a dashboard
  3. index=opennms sourcetype=event | timechart span=1h distinct_count(nodeid) as hostcount - for "total no. of hosts in my company" save it as a dashboard panel

i will look into it again when i have some more time, meanwhile can you check if the above searches work/meet your requirements.

0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎10-06-2018 01:20 AM

@viji261992

Can you please share sample events?

0 Karma
Reply

viji261992
Explorer
‎10-06-2018 01:36 AM

2018-10-06 08:33:04.248, eventid="160109240", eventuei="uei.opennms.org/XOM/threshold/wan_routers/int-rx-util-rearm", nodeid="15925", eventtime="2018-10-06 08:33:04.248", ipaddr="x.x.x.x", eventlogmsg="Interface Gi2/0/2 on GQEGJ-WANRTC002 RX (58.21%) exceeded threshold has cleared", eventseverity="3", alarmid="24607406", nodelabel="GQEGJ-WANRTC002"

This is the log that we are getting from our tools
Search : index=opennms sourcetype=event

0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎10-06-2018 01:56 AM

@viji261992

Can you please describe below fields? I need hostname , device name and correlation idea as per your requirement.

alarmid
eventid
eventlogmsg
eventseverity
eventtime
eventuei
ipaddr
nodeid
nodelabel

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...