Splunk Search

Getting all the values of the column in a table in a variable

yonick
Engager

Hi, I'm trying to make a custom dashboard. This is what I've got so far. The dashboard is in HTML; it is an image of the schema with all the servers for that application. The point is to get a quick overview to see where something is wrong. I can't use Simple XML because the data has to be "real time". I use JavaScript to rerun the searches every minute. Now there is a server where the load time sometimes spikes, and when it spikes too much things go wrong.
So to make the dashboard more complete I want to add a sparkline with the load time on this server, so you can see the load time of the last 30 min or so.
I know the JavaScript code to make this happen, but the thing I need is the variables to put in the sparkline. So I want all the variables of a column in a table. The table is drafted with a timespan search, like this:

   search... | timechart span=5s count as values

The dashboard is in HTML, so to extract the values I tried to use this:

  new SearchEventHandler({
      managerid: "searchID1",
      event: "preview",
      conditions: [
          {
              attr: "any",
              value: "*",
              actions: [
                  // one "set" action per result row
                  {"type": "set", "token": "loadtime_1", "value": "$result[1].values$"},
                  {"type": "set", "token": "loadtime_2", "value": "$result[2].values$"},
                  {"type": "set", "token": "loadtime_3", "value": "$result[3].values$"},
                  // ...
                  {"type": "set", "token": "loadtime_n", "value": "$result[n].values$"}
              ]
          }
      ]
  });

This didn't work. I used the tokens in HTML, like all the other things I did on this dashboard.
Does anyone have a solution to this, or an alternative method to achieve the same goal?

Thanks in advance.

0 Karma

cb_usps
Explorer

You can do "real time" in simple HTML. (At least to the granularity you specified.) I have pasted the source for a panel I use, which uses a 10 minute refresh. If you want 1 minute refresh, use this in place of the line from my example:

  <option name="refresh.auto.interval">60</option>

So, create the search you need and save it to a dashboard, then edit the source and add the "refresh.auto.interval" line to the chart.

example:

<panel>
  <chart>
    <title>CPU Utilization by Host</title>
    <search>
      <query>index=os sourcetype=cpu $hosts$ | timechart span=$span$ avg(pctCPUutil) by host</query>
      <earliest>$tpicker.earliest$</earliest>
      <latest>$tpicker.latest$</latest>
    </search>
    <option name="refresh.auto.interval">600</option>
    <option name="charting.legend.placement">bottom</option>
    ... snip ...
    <option name="charting.axisY.maximumNumber">100</option>
  </chart>
</panel>

0 Karma

woodcock
Esteemed Legend

This is very hard to read (understand); perhaps you have time to go back and fix some of the confusing phrasing and spelling (particularly in the title/subject). Why are you using html and not simple.xml?

0 Karma