How to generate a chart to display how often a device is sending a log to Splunk?

rogueakula
Explorer

I am looking to see how often all of my devices are sending logs to Splunk. We recently applied a hotfix and it seems that it has seriously degraded the number of logs, and the frequency that they are being received. I would like to graph it to see if they were indeed affected by this patch. Thanks!

-Josh

0 Karma

mattymo
Splunk Employee

I recommend you take a look at meta woot! https://splunkbase.splunk.com/app/2949/

It is a great app and provides many useful views that help trend events, license usage, and indexing by host, sourcetype and index.

It leverages a scheduled tstats search to a summary index. That will allow you to trend your events and license over time, and can even form the basis of alerting on hosts that have gone missing or are indexing behind or ahead.

You could effectively do the same thing with a simple tstats command like:

| tstats prestats=t count by host, _time
| timechart count by host 

Which should work quick and dirty, but meta woot! will provide a better experience over time without re-inventing the wheel.

- MattyMo
0 Karma
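
An added example, not part of the original answer and not taken from Meta Woot!: a per-host before/after comparison built on the same tstats approach. It assumes the hotfix was applied 7 days ago, so each window is 168 hours, and that `index=*` covers the affected devices; change both to match your environment.

```spl
| tstats count where index=* earliest=-14d@h latest=@h by host, _time span=1h
| eval period=if(_time < relative_time(now(), "-7d@h"), "before", "after")
| stats sum(eval(if(period="before", count, 0))) as before_events
        sum(eval(if(period="after", count, 0))) as after_events
        max(_time) as last_seen
        by host
| eval before_per_hour=round(before_events/168, 1)
| eval after_per_hour=round(after_events/168, 1)
| eval pct_change=if(before_events > 0, round((after_events - before_events) / before_events * 100, 1), null())
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M")
| sort pct_change
| table host before_per_hour after_per_hour pct_change last_seen
```

Hosts that stopped sending entirely after the change appear with `after_per_hour` of 0 and `pct_change` of -100, and `last_seen` is the start of the last hourly bucket that contained events. Hosts with no events in the first window have an empty `pct_change`.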