Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Report and a dashboard

viji261992
Explorer
‎10-06-2018 12:57 AM

Our splunk is receiving events from network devices, which contains hostname, eventuei="error reason", eventtime.
1. I need to create a report which display the hostname, corresponding error reason , eventtime and no. of alerts generated
2. I need to create a dashboard with device name in the x-axis no. of alerts in the y-axis
3. A complete dashboard which shows total no. of hosts in my company, no. of hosts working fine, no. of hosts are down based on error reason

Tags (1)
0 Karma
Reply

soumyasaha25
Contributor
‎10-09-2018 06:09 AM
  1. index=opennms sourcetype=event | stats values(eval(strftime(_time,"%Y-%m-%dT%H:%M:%S"))) as time_new list(nodeid) as hostname count by eventuei Note: The assumption here is that you have the hostnames in the field "nodeid"
  2. index=opennms sourcetype=event | stats values(nodeid) as hostname count by eventuei | fields - eventuei after running this search go to the visualization tab and select chart type as "clolumn chart" and then save it as a dashboard
  3. index=opennms sourcetype=event | timechart span=1h distinct_count(nodeid) as hostcount - for "total no. of hosts in my company" save it as a dashboard panel

i will look into it again when i have some more time, meanwhile can you check if the above searches work/meet your requirements.

0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎10-06-2018 01:20 AM

@viji261992

Can you please share sample events?

0 Karma
Reply

viji261992
Explorer
‎10-06-2018 01:36 AM

2018-10-06 08:33:04.248, eventid="160109240", eventuei="uei.opennms.org/XOM/threshold/wan_routers/int-rx-util-rearm", nodeid="15925", eventtime="2018-10-06 08:33:04.248", ipaddr="x.x.x.x", eventlogmsg="Interface Gi2/0/2 on GQEGJ-WANRTC002 RX (58.21%) exceeded threshold has cleared", eventseverity="3", alarmid="24607406", nodelabel="GQEGJ-WANRTC002"

This is the log that we are getting from our tools
Search : index=opennms sourcetype=event

0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎10-06-2018 01:56 AM

@viji261992

Can you please describe below fields? I need hostname , device name and correlation idea as per your requirement.

alarmid
eventid
eventlogmsg
eventseverity
eventtime
eventuei
ipaddr
nodeid
nodelabel

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...