Splunk Search

Combine inputcsv and search to create a gauge

ccsfdave
Builder

I am trying to create a gauge where the green, yellow, red are dynamically adjusted using average and percentages for similar traffic over the past 30 days. The 30 day search takes a while so what I would like to do is run it overnight and dump it to a csv. I would then like to run todays numbers on the fly and apply the results (the needle in the gauge) to the csv results.

This is where I am with it:

index=msad "EventCode=4624"  earliest=-1d@min |stats count as today| append[|inputcsv start=29 max=1 YsForGauge.csv] | table today average Eighty Ninety-Five

This results in a table:

today          average          Eighty          Ninety-Five
892683      
                1255.633333 2016    2257

So the results are in two rows of the resulting table. What I would like to do is replace the table with

gauge today 0 average Eighty Ninety-Five

But is failing. Help?

Tags (3)
0 Karma
1 Solution

ccsfdave
Builder

Figured it out, not just append but appendcols puts it in one row and then gauge works!

index=msad "EventCode=4624" earliest=-1d@min |stats count as today| appendcols [|inputcsv start=29 max=1 YsForGauge.csv] | gauge today 0 average Eighty Ninety-Five

View solution in original post

0 Karma

ccsfdave
Builder

Figured it out, not just append but appendcols puts it in one row and then gauge works!

index=msad "EventCode=4624" earliest=-1d@min |stats count as today| appendcols [|inputcsv start=29 max=1 YsForGauge.csv] | gauge today 0 average Eighty Ninety-Five

0 Karma
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...