Splunk Search

Improve my search commands for weather

sbnoobbb
Path Finder

Given search below, do anyone have a better way of displaying my result on a chart ? The weather data is updated every few minutes.

Need some professionals to guide me along 😃 Thanks in advance.

sourcetype="NYPWeatherForecastCurrently" | chart first(current_temperature) max(current_temperature) avg(current_temperature) min(current_temperature) first(current_psi) first(current_humidity) first(current_dewpoint) first(current_visibility) first(current_windSpeed) by _time

time : 1371697655
visibility : 0.3
windBearing : 247
windSpeed : 7.16
psiAverage : 162
cloudCover : 0.38
dewPoint : 72.24
humidity : 0.57
icon : fog
ozone : 268.3
precipIntensity : 0
pressure : 1007.63
summary : Foggy
temperature : 89.95

1 Solution

ChrisG
Splunk Employee
Splunk Employee

Have you looked at any of the weather-related downloads on Splunkbase? There might be some good examples there.

View solution in original post

ChrisG
Splunk Employee
Splunk Employee

Have you looked at any of the weather-related downloads on Splunkbase? There might be some good examples there.

sbnoobbb
Path Finder

will look into it, thank you very much ! 😃

0 Karma

asimagu
Builder

I would do a pretty thing displaying all those metrics as Single Values.
You can have the Parent search, and then a postprocess to calculate each of the metrics.

Then , it will only be a matter of playing with the layout. I reckon you can easily add some great CSS Magic to that 😉 If that is too advanced for you, I advise you to start playing with the rangemap colours so depending on your thresholds , the values will get one or other colour.

sbnoobbb
Path Finder

Will try on that, thank you very much 😃

0 Karma

sbnoobbb
Path Finder

I am open to all answer 😃 Anyone has their own way of presenting these data on a chart. Is just how they wanna it to be presented. What will you do if you are given these data and do a chart search.

0 Karma

asimagu
Builder

can you be a bit more specific on what you need?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...