Create a dashboard & alert depending on the business logic

ziyod_a
Engager

How would one solve this problem:
We have a system that involves a bunch of wireless sensors. Each node reports 3 sensor data (temp, humidity, battery) every 5 min. I was thinking to create a count on each node, plus if one of the nodes doesn't report within the 5 min time interval I would get an alert.

0 Karma

Damien_Dallimor
Ultra Champion

Start with a search that extracts the fields from the data message:

(replace index and sourcetype with your actual values)

index=yourindex sourcetype=yoursourcetype Got data message | rex field=_raw "NODE_ID=(?<node>\d+), SENSOR_ID=(?<sensor>\d+), NETWORK_ID=(?<network>\d+), TIMESTAMP=(?<timestamp>\d+), DATA=(?<data>\d+\.\d+)}]"

Then you can use the stats/chart/timechart/table etc... search commands to display and analyse the extracted fields (node, sensor, network, timestamp, data)

... | stats count by node sensor

Furthermore, you may wish to consider using a "lookup" for the sensor field to map the code (0, 1, 2...) to a meaningful description (temp, humidity, battery...)

Damien_Dallimor
Ultra Champion

Nice > vote it up!

0 Karma

ziyod_a
Engager

Thank you a lot Damien. That helped me a lot.

0 Karma

ziyod_a
Engager

Here is a sample log:

25 Jan 2012 11:02:56,231 DEBUG (NetworkWorker-27 LoggingTransport.logMessage ) :: Got data message: [WSNGATEWAY:29, route, {NETWORK_ID=27, CHILD_ID=110457432248942813, PARENT_ID=801}]
25 Jan 2012 11:02:56,231 TRACE (NetworkWorker-27 NetworkWorker .run ) :: Sensor Type DATA received
25 Jan 2012 11:02:56,232 INFO (NetworkWorker-27 StoreSensor .StoreSensorData) :: Sensor 1 (node physID:1886c730c0000dd) : ch 0 : raw 6349 : conv 74.28200000000001
25 Jan 2012 11:02:56,232 DEBUG (NetworkWorker-27 BatchPublisher .sendMessage ) :: Message added, queue size: 1
25 Jan 2012 11:02:56,233 DEBUG (NetworkWorker-27 LoggingTransport.logMessage ) :: Got data message: [WSNSENSOR:30, lastValue, {NODE_PLATFORM=11, TYPE_ID=1, NODE_ID=110457432248942813, SENSOR_ID=0, NETWORK_ID=27, TIMESTAMP=1327518160913, DATA=74.28200000000001}]
25 Jan 2012 11:02:56,233 TRACE (NetworkWorker-27 NetworkWorker .run ) :: Sensor Type DATA received
25 Jan 2012 11:02:56,233 TRACE (NetworkWorker-27 StoreSensor .StoreSensorData) :: HUMIDITY_CONVERSION: Trying to do a compensated conversion using last temperature of 74.28200000000001 and sensor reading 1160
25 Jan 2012 11:02:56,234 INFO (NetworkWorker-27 StoreSensor .StoreSensorData) :: Sensor 2 (node physID:1886c730c0000dd) : ch 1 : raw 1160 : conv 39.057092000000004
25 Jan 2012 11:02:56,234 DEBUG (NetworkWorker-27 BatchPublisher .sendMessage ) :: Message added, queue size: 2
25 Jan 2012 11:02:56,234 DEBUG (NetworkWorker-27 LoggingTransport.logMessage ) :: Got data message: [WSNSENSOR:31, lastValue, {NODE_PLATFORM=11, TYPE_ID=2, NODE_ID=110457432248942813, SENSOR_ID=1, NETWORK_ID=27, TIMESTAMP=1327518160913, DATA=39.057092000000004}]
25 Jan 2012 11:02:56,234 TRACE (NetworkWorker-27 NetworkWorker .run ) :: Sensor Type DATA received
25 Jan 2012 11:02:56,235 INFO (NetworkWorker-27 StoreSensor .StoreSensorData) :: Sensor 5 (node physID:1886c730c0000dd) : ch 2 : raw 35249 : conv 3.029304029304029
25 Jan 2012 11:02:56,235 DEBUG (NetworkWorker-27 BatchPublisher .sendMessage ) :: Message added, queue size: 3
25 Jan 2012 11:02:56,235 DEBUG (NetworkWorker-27 LoggingTransport.logMessage ) :: Got data message: [WSNSENSOR:32, lastValue, {NODE_PLATFORM=11, TYPE_ID=5, NODE_ID=110457432248942813, SENSOR_ID=2, NETWORK_ID=27, TIMESTAMP=1327518160913, DATA=3.029304029304029}]
25 Jan 2012 11:02:56,236 DEBUG (JMS transport batch thread BatchPublisher .run ) :: Have sent 1 message(s) to AppServer
25 Jan 2012 11:02:56,256 DEBUG (JMS transport batch thread BatchPublisher .run ) :: Have sent 3 message(s) to AppServer

0 Karma
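
The pieces of this thread combined, as an added example that is not from either poster and is not Splunk code: a Python sketch that applies the accepted answer's pattern to data-message lines in the format of the sample log, reproduces `stats count by node sensor`, and flags nodes with no reading inside the 5-minute interval. The sensor-name mapping, the expected-node inventory, nodes 42 and 99, and the evaluation time are assumptions made for the example.

```python
import re
from collections import Counter

# The answer's rex pattern, with Python's (?P<name>...) named-group syntax.
DATA_MSG = re.compile(
    r"NODE_ID=(?P<node>\d+), SENSOR_ID=(?P<sensor>\d+), NETWORK_ID=(?P<network>\d+), "
    r"TIMESTAMP=(?P<timestamp>\d+), DATA=(?P<data>\d+\.\d+)\}\]"
)
# Assumed code-to-name mapping (what the suggested "lookup" would hold).
SENSOR_NAMES = {"0": "temp", "1": "humidity", "2": "battery"}
INTERVAL_MS = 5 * 60 * 1000  # each node is expected to report every 5 minutes

# Constructed sample: node ...813 follows the thread's log; the node 42 line is invented and stale.
P = "25 Jan 2012 11:02:56,233 DEBUG (NetworkWorker-27 LoggingTransport.logMessage ) :: Got data message: "
SAMPLE = [
    P + "[WSNGATEWAY:29, route, {NETWORK_ID=27, CHILD_ID=110457432248942813, PARENT_ID=801}]",
    P + "[WSNSENSOR:30, lastValue, {NODE_PLATFORM=11, TYPE_ID=1, NODE_ID=110457432248942813, SENSOR_ID=0, NETWORK_ID=27, TIMESTAMP=1327518160913, DATA=74.28200000000001}]",
    P + "[WSNSENSOR:31, lastValue, {NODE_PLATFORM=11, TYPE_ID=2, NODE_ID=110457432248942813, SENSOR_ID=1, NETWORK_ID=27, TIMESTAMP=1327518160913, DATA=39.057092000000004}]",
    P + "[WSNSENSOR:32, lastValue, {NODE_PLATFORM=11, TYPE_ID=5, NODE_ID=110457432248942813, SENSOR_ID=2, NETWORK_ID=27, TIMESTAMP=1327518160913, DATA=3.029304029304029}]",
    P + "[WSNSENSOR:33, lastValue, {NODE_PLATFORM=11, TYPE_ID=1, NODE_ID=42, SENSOR_ID=0, NETWORK_ID=27, TIMESTAMP=1327517760913, DATA=71.5}]",
]
EXPECTED = ["110457432248942813", "42", "99"]  # hypothetical inventory; 99 never reports
NOW_MS = 1327518220913                         # assumed evaluation time, 60 s after the newest reading

def parse(lines):
    """Yield one dict of extracted fields per sensor reading; other lines (route, TRACE, INFO) are skipped."""
    for line in lines:
        m = DATA_MSG.search(line)
        if m:
            yield m.groupdict()

def count_by_node_sensor(lines):
    """Equivalent of `stats count by node sensor`, with sensor codes mapped to names."""
    return Counter((r["node"], SENSOR_NAMES.get(r["sensor"], r["sensor"])) for r in parse(lines))

def silent_nodes(lines, expected, now_ms):
    """Return expected nodes whose newest reading is older than one interval, or that never reported."""
    last = {}
    for r in parse(lines):
        last[r["node"]] = max(last.get(r["node"], 0), int(r["timestamp"]))
    return sorted(n for n in expected if now_ms - last.get(n, 0) > INTERVAL_MS)

if __name__ == "__main__":
    print(count_by_node_sensor(SAMPLE))
    print("alert on:", silent_nodes(SAMPLE, EXPECTED, NOW_MS))
```

Silence is judged from the TIMESTAMP field, and a node that has never reported can only be caught by comparing against an inventory, because it produces no events to count. A reading logged without a decimal point, or with a minus sign, does not match `\d+\.\d+` and would look like a missed report.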