
Hi guys, is there a way we can create a dashboard that displays the flow of a call?

sagar1905
New Member

The scenario is that I enter a search term, in my case it is a CR - correlation ID, that pulls the whole journey of the call. The logs contain different information like the URL it hits, the origin, the target, the time taken, HTTP status code, HTTP method etc. I want to create a dashboard which displays the flow of the call, of which URL/server it's hitting at each step with the success or error code. Has anyone come across such a dashboard or know how to create one?

0 Karma

niketn
Legend

@sagar1905, if you are on Splunk 6.6 or higher you can try Status Indicator with Trellis Layout to show a call's status.

https://wiki.splunk.com/User_talk:Niketnilay#Topic_15:_Following_is_an_example_of_Orderflow_Status_T....

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

jcoates
Communicator

Nice! That looks cool.

0 Karma

niketn
Legend

@sagar1905, is your issue resolved? Please check and confirm!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

jcoates
Communicator

It depends what you want. Say you've got a reference number... that's fairly easy to collect from the user and pass to something like

index=intlsales sourcetype=intlsales_transaction reference_number=$input$
| transaction reference_number 

or

index=intlsales sourcetype=intlsales_transaction reference_number=$input$
| stats count by action

to get a table like

action                count 
transaction           1
transfer_money        1
verify_acct_success   1
verify_inv_success    1 

To then turn that into a beautiful graphic is another more complicated job; you might look at the dashboard examples app or splunkbase, but to keep it simple I would just put it in a table and maybe eval some values that would make the table color up properly when told to heat map.

To make alerting decisions based on anomalies in that transactional is a lot harder; we make commercial software that does that.

0 Karma

cmerriman
Super Champion

If every log has a unique ID to join upon, you can use transaction. |transaction correlation_id for instance and it will spit out groups of events in order of how they happened.

Depending on what you’re looking at for an output and what the logs look like, that’s the best I can offer. More details about the data and expected output would be nice.

0 Karma
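An added example, not part of the thread: one way to list each hop of a call in order for a dashboard table panel, using the kind of fields the question describes. The index name `your_index`, the dashboard token `$cr_token$`, and the field names `correlation_id`, `origin`, `target`, `url`, `http_method`, `http_status` and `time_taken` are all assumptions; substitute whatever your logs actually extract.

```spl
index=your_index correlation_id="$cr_token$"
| sort 0 _time
| streamstats count AS step
| eval result=case(http_status>=500, "server_error",
                   http_status>=400, "client_error",
                   http_status>=200, "success",
                   true(), "unknown")
| eval hop=origin." -> ".target
| table step _time hop url http_method http_status result time_taken
```

Each row is one step of the journey in time order, and the `result` column gives a value that table color formatting can key on to highlight failing hops.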