Reporting

Report and a dashboard

viji261992
Explorer

Our Splunk is receiving events from network devices, which contain hostname, eventuei="error reason", eventtime.
1. I need to create a report which displays the hostname, corresponding error reason, eventtime and no. of alerts generated
2. I need to create a dashboard with device name on the x-axis and no. of alerts on the y-axis
3. A complete dashboard which shows total no. of hosts in my company, no. of hosts working fine, and no. of hosts that are down based on error reason

0 Karma

soumyasaha25
Contributor
1. index=opennms sourcetype=event | stats values(eval(strftime(_time,"%Y-%m-%dT%H:%M:%S"))) as time_new list(nodeid) as hostname count by eventuei
   Note: The assumption here is that you have the hostnames in the field "nodeid".

2. index=opennms sourcetype=event | stats values(nodeid) as hostname count by eventuei | fields - eventuei
   After running this search, go to the Visualization tab, select chart type "column chart" and then save it as a dashboard.

3. index=opennms sourcetype=event | timechart span=1h distinct_count(nodeid) as hostcount
   For "total no. of hosts in my company"; save it as a dashboard panel.

I will look into it again when I have some more time; meanwhile, can you check if the above searches work/meet your requirements?

0 Karma

kamlesh_vaghela
SplunkTrust

@viji261992

Can you please share sample events?

0 Karma

viji261992
Explorer

2018-10-06 08:33:04.248, eventid="160109240", eventuei="uei.opennms.org/XOM/threshold/wan_routers/int-rx-util-rearm", nodeid="15925", eventtime="2018-10-06 08:33:04.248", ipaddr="x.x.x.x", eventlogmsg="Interface Gi2/0/2 on GQEGJ-WANRTC002 RX (58.21%) exceeded threshold has cleared", eventseverity="3", alarmid="24607406", nodelabel="GQEGJ-WANRTC002"

This is the log that we are getting from our tools.
Search: index=opennms sourcetype=event

0 Karma
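To make the three requirements concrete against the event format shown above, here is an added Python example (not code from any participant in this thread). It parses the OpenNMS-style key="value" line, then computes the same aggregations the proposed searches produce: alert count per eventuei with hostnames and times (requirement 1), alert count per device for a column chart (requirement 2), and an up/down summary per host (requirement 3). The first sample line is the thread's own event; the other two lines are constructed, and the "-exceeded" uei suffix and the rule "latest event ending in -rearm means the host is fine, otherwise down" are assumptions made for illustration, not something the thread states.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input. Line 1 is the event posted in the thread; lines 2-3
# are constructed to exercise a second host and a threshold that is still exceeded.
SAMPLE_EVENTS = """\
2018-10-06 08:33:04.248, eventid="160109240", eventuei="uei.opennms.org/XOM/threshold/wan_routers/int-rx-util-rearm", nodeid="15925", eventtime="2018-10-06 08:33:04.248", ipaddr="x.x.x.x", eventlogmsg="Interface Gi2/0/2 on GQEGJ-WANRTC002 RX (58.21%) exceeded threshold has cleared", eventseverity="3", alarmid="24607406", nodelabel="GQEGJ-WANRTC002"
2018-10-06 08:40:10.001, eventid="160109300", eventuei="uei.opennms.org/XOM/threshold/wan_routers/int-rx-util-exceeded", nodeid="15926", eventtime="2018-10-06 08:40:10.001", ipaddr="x.x.x.x", eventlogmsg="Interface Gi1/0/1 on EXAMPLE-RTR-02 RX (91.40%) exceeded threshold", eventseverity="4", alarmid="24607500", nodelabel="EXAMPLE-RTR-02"
2018-10-06 08:45:00.000, eventid="160109350", eventuei="uei.opennms.org/XOM/threshold/wan_routers/int-rx-util-exceeded", nodeid="15926", eventtime="2018-10-06 08:45:00.000", ipaddr="x.x.x.x", eventlogmsg="Interface Gi1/0/1 on EXAMPLE-RTR-02 RX (93.00%) exceeded threshold", eventseverity="4", alarmid="24607501", nodelabel="EXAMPLE-RTR-02"
"""

# key="value" pairs; values are taken verbatim between the quotes.
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Split the leading bare timestamp (stored as _time) from the key="value" fields."""
    ts, _, rest = line.partition(", ")
    fields = dict(KV_RE.findall(rest))
    fields["_time"] = ts
    return fields


def parse_events(text):
    return [parse_event(l) for l in text.splitlines() if l.strip()]


def report_by_uei(events):
    """Requirement 1: per error reason (eventuei) -> hostnames, event times, alert count."""
    acc = defaultdict(lambda: {"hostname": set(), "time": set(), "count": 0})
    for e in events:
        row = acc[e["eventuei"]]
        row["hostname"].add(e["nodelabel"])
        row["time"].add(e["eventtime"])
        row["count"] += 1
    return {
        uei: {"hostname": sorted(r["hostname"]), "time": sorted(r["time"]), "count": r["count"]}
        for uei, r in acc.items()
    }


def alerts_per_host(events):
    """Requirement 2: device name (x-axis) -> number of alerts (y-axis)."""
    return Counter(e["nodelabel"] for e in events)


def host_status(events):
    """Requirement 3: decide per host from its most recent event.
    Assumed heuristic (not from the thread): a uei ending in '-rearm' means the
    threshold condition cleared, so the host is 'fine'; anything else is 'down'."""
    latest = {}
    for e in events:
        host = e["nodelabel"]
        # eventtime strings share one fixed format, so string comparison orders them.
        if host not in latest or e["eventtime"] > latest[host]["eventtime"]:
            latest[host] = e
    status = {h: ("fine" if e["eventuei"].endswith("-rearm") else "down") for h, e in latest.items()}
    tally = Counter(status.values())
    return {"total": len(status), "fine": tally["fine"], "down": tally["down"], "status": status}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for uei, row in report_by_uei(evs).items():
        print(uei, row)
    print(alerts_per_host(evs))
    print(host_status(evs))
```

The up/down classification only works if the device's latest event reflects its real state; if a host stops sending events altogether, it never appears in this data at all, so a production panel should compare against the full inventory of hosts rather than only hosts seen in the search window.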

kamlesh_vaghela
SplunkTrust

@viji261992

Can you please describe the fields below? I need hostname, device name and the correlation idea as per your requirement.

alarmid
eventid
eventlogmsg
eventseverity
eventtime
eventuei
ipaddr
nodeid
nodelabel

0 Karma