- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- getting all the value's of the culum in a table in...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
getting all the value's of the culum in a table in a variable
Hi i'm trying to to make a custom dashboard. This is wat i got so far. The dashboard is in html it is an image of the schema with all the servers for that application. the point is to get a quick overview to see where something is wrong. I can't use simple xml because the data has to be "real time". I use javascript to rerun the searches every minute. Now there is a server where the load time sometimes spikes and when it spikes to much things go wrong.
So to make the dashboard more complete i want to add a sparkline with the load time on this server. So you can see the load time of the last 30 min. or so
I know javascript code to make this happen but the thing i need is the variables to put in the sparkline. So I want all the variables of a column in a table. The table is drafted with a timespan search. like this
search... | timechart span=5s count as values
The dashboard is in html so to extact the values i tried to use this:
new SearchEventHandler({
manegerid: "searchID1",
event: "preview",
conditions: [
{
attr: "any",
value: "*",
actions: [
{"type": "set", "token": "loadtime_1", "value": "$result[1].values$"},
{"type": "set", "token": "loadtime_2", "value": "$result[2].values$"},
{"type": "set", "token": "loadtime_3", "value": "$result[3].values$"},
...
{"type": "set", "token": "loadtime_n", "value": "$result[n].values$"}
]
}
]
});
This didn't work the tokes i used in html, like all other thing i did on this dashboard.
Has annyone a solution to this or an alternative method to achief the same goal
thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can do "real time" in simple HTML. (At least to the granularity you specified.) I have pasted the source for a panel I use, which uses a 10 minute refresh. If you want 1 minute refresh, use this in place of the line from my example:
<option name="refresh.auto.interval">60</option>
So, create the search you need and save it to a dashboard, then edit the source and add the "refresh.auto.interval" line to the chart.
example:
<panel>
<chart>
<title>CPU Utilization by Host</title>
<search>
<query>index=os sourcetype=cpu $hosts$ | timechart span=$span$ avg(pctCPUutil) by host</query>
<earliest>$tpicker.earliest$</earliest>
<latest>$tpicker.latest$</latest>
</search>
<option name="refresh.auto.interval">600</option>
<option name="charting.legend.placement">bottom</option>
... snip ...
<option name="charting.axisY.maximumNumber">100</option>
</chart>
</panel>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is very hard to read (understand); perhaps you have time to go back and fix some of the confusing phrasing and spelling (particularly in the title/subject). Why are you using html and not simple.xml?
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
