Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Simple Bubble Chart
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Simple Bubble Chart
rbw78
Communicator
12-22-2011
07:35 AM
Hello.
I'm a newbie on splunk and i need some help for a Bubble Chart.
I want to count the total of matchs between sources and destinations hosts from my logs.
here is a log exemple :
Dec 15 17:22:27 10.233.86.237 Dec 15 17:22:19 LW5YOPDSY dsa_mpf: REASON=Invalid_Ack act=Deny IN=Local_Area_Connection OUT= MAC=F0:DE:F1:34:04:87:00:21:55:EF:8C:7F:08:00 SRC=213.181.36.229 DST=10.233.86.237 LEN=60 DF FRAG=0 PROTO=TCP SPT=16384 DPT=65308 RES=0x00 ACK CNT=1
SRC for source and DST for destination.
I tried to do some xml in my dashboard but i event don't what kind of search i have to do on my logs.
<row>
<chart>
<searchName>TestBubbleChart</searchName>
<title>TestBubbleChart</title>
<option name="charting.chart">bubble</option>
<option name="charting.axisX.categories">SRC</option> # Sources on X axe
<option name="charting.axisY.categories">DST</option> # Destinations on Y axe
<option name="charting.axisLabelsZ">numeric</option> # Count the matchs on Z axe
</chart>
</row>
thanks for your help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MarioM
Motivator
06-11-2012
12:02 PM
could you explain a bit more what you mean by "count the total of matchs between sources and destinations"? what is your search command ie:"| stats dc(SRC) dc(DST)" ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rbw78
Communicator
01-02-2012
02:51 AM
Still no one could help on this topic ?
😞
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rbw78
Communicator
12-23-2011
01:27 AM
Well my xml file look like this :
<row>
<chart>
<searchName>TestBubbleChart</searchName>
<title>TestBubbleChart</title>
<option name="charting.chart">bubble</option>
<option name="charting.axisX">SRC</option>
<option name="charting.axisY">DST</option>
<option name="charting.axisZ">numeric</option>
<option name="charting.axisZ.minimumNumber">0</option>
<option name="charting.axisZ.maximumNumber">1000</option>
</chart>
</row>
I did the following search on my logs but still no result
eventtype="EVENT_DSA" | rex "(?i) .*?=(?P<SRC>\d+\.\d+\.\d+\.\d+)(?= )" | rex "(?i) dst=(?P<DST>[^ ]+)"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rbw78
Communicator
12-23-2011
12:01 AM
Anyone know how to do that ?
Get Updates on the Splunk Community!
[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events
This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
🚀 Your data just got a serious AI upgrade — are you ready?
Say hello to the Agentic Era with the ...
Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
