- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Can't figure out how to get Syslog data to chart
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can't figure out how to get Syslog data to chart
Hi, I am having ADSL line problems as a result I am using splunk to monitor my syslog, especially interested in lines like the following:
Feb 9 16:52:14 10.x.x.1 Feb 09 16:52:25 home kernel: Line 0: ADSL link up, Path 0, us=1148, ds=12027
What I would like to do is chart on a time line using a line chart the times this has happened and the Uplink Speed (us) and Downlink Speed (ds) for each drop.
Can anyone help me please?
Thanks Anthony
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you only want to get the values of us and ds for each time the event occurs you could do this:
"ADSL link up" | table _time,us,ds
and create a report of it.
However once you want to know how many times the event has occurred you need to define what time period you want this to apply to, and how to handle multiple values of us and ds. Let's say you define the time period for counting events to be 1 minute, and that somewhere in the log you have 3 of these events occurring within 1 minute. Splunk needs to know how to give you ONE value for us and ds respectively, even though there are 3 values of each. You can tell Splunk to just give you an average from the 3 events using the stats function avg:
"ADSL link up" | timechart span=1m count,avg(us),avg(ds)
Or, if you only want the values from the first of the events within the time period, use first instead of avg. Want the sum? Use sum. And so on. More information on statistical functions is available here: http://www.splunk.com/base/Documentation/latest/SearchReference/Stats
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not sure you're looking at the right place. Are you perhaps confusing the timeline widget in the search interface with the charts you want to create? The searches I showed you should give a table consisting of the stats you're asking for. To use these stats in a chart, use the "Show report" link to the right underneath the search button. This takes you to the report builder where you can choose the type of chart you want to use and some other things, before you finally click Apply and create the actual chart.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, thanks for your reply, but that just shows the us and ds occurences, not the values. I managed to get that chart, but not one showing the values. The graph as a "1" on the vertical and time on the horizontal axes.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
