Re: How do I run a Splunk search using R in the Sp...

m_vivek · ‎06-25-2015

I am very new to splunk .

Step 1: I want to run a splunk search on my local machine data and import the results into a csv/text file.
Step 2: Then I want to run an R script/Program on the obtained text file to create another excel file consisting of the results.

I have, at present, the R app (created by Rfujara) installed too.

Is there some way I can automate the whole process or integrate step1 and Step 2 into a single step so that I can directly view the results on a dashboard in Splunk by simple running a search query or by running an R script in the search bar?

Simply put, I want to be able to do something like

"the splunk search query to get necessary data" | r script to run/extract what I want from prev step | Splunk command to view results on dashboard

My primary issue lies in pointing the data obtained from the splunk search query into R directly, without having to change the file names in my R program manually each time I run it.

Thanks!

ngwells · ‎08-18-2015

Not sure if this will help but you can structure you script like this (Assuming you're pointing to R correctly):

index=_internal| r "getdim<-function(input){ return(aggregate(input[,'log_level'],by=list(input[,'log_level']),length))}; output=data.frame(getdim(input))"

Click "Visualization" tab to see bar chart of counts for Windows 7 _internal index. might need some ;'s to deploy in a dashboard.

How do I run a Splunk search using R in the Splunk search bar and view the results on a dashboard?

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability