I have a slightly oddball request, and I hope you guys can help me out.
One of our main uses for Splunk is operational dashboards; we are able to show a lot of interesting information about how our network services are performing by analysing a variety of sources. However, there are times where I need to drill down on the network and collect additional information about something very specific and in real time. As such, I would like to trigger an additional "collection" when a form is submitted; this script would inject records into my Splunk index and my dashboard would have a realtime search for this datasource. Note that most of the time I would not collect this data for a number of reasons, mostly to do with capacity of management networks and device tolerance to intensive polling.
By way of example, my dashboard might find that a device failed its configuration. I would like to be able to have a form that does detailed analysis on the device; when that form is submitted, a script may ping the device and log its output to Splunk. The form has a realtime search for these ping results.
I can think of a few ways of doing this, most of them are ugly; I'm interested in your ideas.