Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk manage Arduino sensors output messages ?

nicox77
New Member
‎11-04-2011 06:41 AM

Is it possible for Splunk to manage "live" Arduinos sensors datas like :

Rain Data
1.00mm; 0s;
Temp reading = 23.73 degress C
Light reading = 442 - Light

And to provide all Splunk services, make reports, provide alerting, ..... ?

Tags (2)
0 Karma
Reply

Stevelim
Communicator
‎08-25-2015 08:09 AM

You can also make use of Kepware's UCON driver to create a custom interface. After which forward that data to the Splunk instance via the IDF in real time. In that way, there will be no need to store any data in your server since all of them are properly indexed inside Splunk itself. This also gives you the added benefit of displaying the data in real time on a dashboard.

Alternatively, you can also load up the Modbus library on your Arudino, assign the values to the correct registers and communicate with Kepware as the Modbus Master. That way, you can avoid developing the UCON driver and just grab the off the shelf Modbus drivers.

Link for Modbus library: https://code.google.com/p/simple-modbus/

0 Karma
Reply

nicox77
New Member
‎11-04-2011 06:59 AM

Thanks all for your answers
These sensors send these kind of messages always with "time", it's a live data flow, and we'll store all these infos in our server.

0 Karma
Reply

tgow
Splunk Employee
Splunk Employee
‎11-04-2011 06:53 AM

How is the data getting logged? Remember that Splunk can handle any source of data.

Can you provide a full log entry? Is time anywhere in the event?

Splunk stores all of the data on the back-end by time.

If this is a typical entry then you will probably have to setup some of the following options in the props.conf:

[yoursourcetype]
SHOULD_LINEMERGE = True
BREAK_ONLY_BEFORE = ^Rain
0 Karma
Reply

Ayn
Legend
‎11-04-2011 06:50 AM

Yes. If it's text, Splunk will happily index it. You will have to handle getting the data from the sensors and building the alerts etc, but it's definitely most possible.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...