Re: How to build Dashboard from scratch

digitalrg · ‎06-22-2014

Hi All,

I am new to Splunk hence bear with my question.
I am forwarding below data from server:



Top 5 process Utilization is as below:

5011 root 2.0 0.7 splunk

13150 axeda 2.0 47.7 java

1 root 0.0 0.0 init

2 root 0.0 0.0 migration/0

3 root 0.0 0.0 ksoftirqd/0

I want to get a Dahsboard Panel with perticular proces like axeda or root showing a graph of 3rd column value.
Since the data is forwarded every 5 mins, I want to see a graph of every 5 mins in X axis and value in Y axis.

Please help.
Thanks,
Raghav

yannK · ‎06-24-2014

For details about the simple XML dashboards : http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/Addreportstodashboard

Login to splunk UI, create the search.
When satisfied with your result, saved it to a panel on a new dashboard (top right option).
Then check the dashboard, and use the edit options to format your graphs or add forms options.

For the search, the events look like PS script results.

what are the fields already extracted ?
Are each line a separate event or are they a multiline event ?
-> to split your events , see the commands http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Multikv

You may also can define fields extractions to retrieve the values. (by example MYPROCESS and MYVALUE)
and when all is done, create your search :

<mysearch> | <myextrations> | where MYPROCESS="root" or MYPROCESS="axeda" | timechart span=5m max(MYVALUE) by MYPROCESS

digitalrg · ‎07-11-2014

Thank you very much.

How to build Dashboard from scratch

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk