Hello!
I am a bit of a lurker here. I am considering using Splunk as both the frontend and backend for a support crew telemetry website for a yacht race.
The boats transmit frequent but irregular telemetry data.
Given the competitive nature of the endeavour, security is a paramount concern 😉
As the support crews are not necessarily IT literate, I propose that the site is basically one big dashboard, with very limited access to the underlying Splunk functionality.
So, here's the question(s):
For security reasons, I propose to allocate a separate index to each boat. Is this the best approach?
For simplicity, let's say there are two types of telemetry data, depending on the boats' equipment. I'm going to develop two dashboards, each displaying optimum information based on the raw data.
Do I need to replicate the dashboard/app across each of the relevant indices? Or can I use the same app across each of the relevant indices?
If I have to replicate the dashboard across each, is there some easy way to abstract the source data from the dashboard? What I mean is that if I have index="boat1", index="boat2", etc., do I have to change all my queries, or can I have app1 written to expect a source of "boat_telemetry1" and abstract, or 'rename', in one place boat1=boat_telemetry1, boat10=boat_telemetry2, etc.? Does that make sense?
Given the irregular nature of the comms, is there anything I should bear in mind?
Any advice appreciated.
OB.
PS. I'm considering ammaps. Has anyone used it for non-IP location data?
OB.