Is it possible to create a dashboard that gets all or some of its information from an SQL database? We find the dashboard to be an excellent tool but not all of our data is in Splunk.
You can run queries directly from sql using the following (db connect)
dbquery command
http://docs.splunk.com/Documentation/DBX/1.1.1/DeployDBX/Commands
You can run queries directly from sql using the following (db connect)
dbquery command
http://docs.splunk.com/Documentation/DBX/1.1.1/DeployDBX/Commands
Yeah I can see your point. We treat things a little differently with our buckets.
Well for what it's worth we do similar things with that sort of data and it works really well.
I guess putting all of that data into Splunk is an option but I'm a bit concerned with overusing Splunk. It's not a relational database and I don't want to use it for cases where I should be using a rdbms. We have an 18 month turnaround for Splunk data and if I store topology information in Splunk things could get messy. eg, if I write a log every time something changes but an element doesn't change for 18 months then data will be lost. Also, searching very old data in Splunk can be slow.
Yeah I would agree that could be neat. What kind of data is it?
It's anything related a the workings of a large network. It could be performance data, alarms, fault reports, topology information
Use dbconnect to get the data into Splunk and then dashboard it. Not sure you can do it directly but that's a really interesting feature request I think.
Getting the data into Splunk isn't really a good option. Using SQL directly in the dashboard would be the bee's knees of features imo. I would like to see a large number of employees go to Splunk first thing in the morning to get an overview of what is working and what isn't. But not everything is in Splunk so SQL access would make this a complete solution. I could even see some dashboards getting all of their information from SQL or sources outside Splunk.