Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Report and a dashboard

viji261992
Explorer
‎10-06-2018 12:57 AM

Our splunk is receiving events from network devices, which contains hostname, eventuei="error reason", eventtime.
1. I need to create a report which display the hostname, corresponding error reason , eventtime and no. of alerts generated
2. I need to create a dashboard with device name in the x-axis no. of alerts in the y-axis
3. A complete dashboard which shows total no. of hosts in my company, no. of hosts working fine, no. of hosts are down based on error reason

Tags (1)
0 Karma
Reply

soumyasaha25
Contributor
‎10-09-2018 06:09 AM
  1. index=opennms sourcetype=event | stats values(eval(strftime(_time,"%Y-%m-%dT%H:%M:%S"))) as time_new list(nodeid) as hostname count by eventuei Note: The assumption here is that you have the hostnames in the field "nodeid"
  2. index=opennms sourcetype=event | stats values(nodeid) as hostname count by eventuei | fields - eventuei after running this search go to the visualization tab and select chart type as "clolumn chart" and then save it as a dashboard
  3. index=opennms sourcetype=event | timechart span=1h distinct_count(nodeid) as hostcount - for "total no. of hosts in my company" save it as a dashboard panel

i will look into it again when i have some more time, meanwhile can you check if the above searches work/meet your requirements.

0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎10-06-2018 01:20 AM

@viji261992

Can you please share sample events?

0 Karma
Reply

viji261992
Explorer
‎10-06-2018 01:36 AM

2018-10-06 08:33:04.248, eventid="160109240", eventuei="uei.opennms.org/XOM/threshold/wan_routers/int-rx-util-rearm", nodeid="15925", eventtime="2018-10-06 08:33:04.248", ipaddr="x.x.x.x", eventlogmsg="Interface Gi2/0/2 on GQEGJ-WANRTC002 RX (58.21%) exceeded threshold has cleared", eventseverity="3", alarmid="24607406", nodelabel="GQEGJ-WANRTC002"

This is the log that we are getting from our tools
Search : index=opennms sourcetype=event

0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎10-06-2018 01:56 AM

@viji261992

Can you please describe below fields? I need hostname , device name and correlation idea as per your requirement.

alarmid
eventid
eventlogmsg
eventseverity
eventtime
eventuei
ipaddr
nodeid
nodelabel

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...