Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Multicharts on dashboard

minkyuk
Explorer
‎07-15-2015 07:46 AM

Hello-

Right now I'm trying to figure out how I could put multicharts on dashboard if I have two objects given:
A list of host (1 column), and a script that takes in the name of one host and make a chart out of it.

If I were to loop through the process of putting every host in a list through the script and chart it out and put them on dashboard,
How could I accomplish this in a wiser way than to hardcode it? (50+ hosts in a list)

Thank you for your time,
Jack

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-15-2015 11:48 AM

This should be achievable in JS/HTML dashboards. Basically, run your Python script in an invisible SearchManager, listen to its search:done event, read results, loop over results creating SearchManager objects and their associated charts using your hosts.

This might not be terribly efficient, launching 50 searches for 50 hosts. It'd be better to run one search with a list of those 50 hosts and then pick the results apart for display - depends on too many variables whether this is feasible or not.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-15-2015 11:48 AM

This should be achievable in JS/HTML dashboards. Basically, run your Python script in an invisible SearchManager, listen to its search:done event, read results, loop over results creating SearchManager objects and their associated charts using your hosts.

This might not be terribly efficient, launching 50 searches for 50 hosts. It'd be better to run one search with a list of those 50 hosts and then pick the results apart for display - depends on too many variables whether this is feasible or not.

0 Karma
Reply
Solved! Jump to solution

jeremiahc4
Builder
‎07-15-2015 08:36 AM

I'm not seeing enough details to make a solid recommendation on what your trying to do, but in general you can chart by some value such as this which will place multiple lines on the chart;

<search terms> | chart count by value

Your "value" in this case sounds like it is your hosts, but I don't see what metric you are trying to display per host. There are many functions you could put in there, for instance "avg(cpu)" or "max(time_taken)". I just don't see what you are measuring.

Ref: http://docs.splunk.com/Documentation/Splunk/6.2.4/SearchReference/Chart

0 Karma
Reply
Solved! Jump to solution

minkyuk
Explorer
‎07-15-2015 10:37 AM

Hello, sorry for the lack of details.
I meant to say that I need an individual chart for every host. And for each host, the information is extracted by a python script which I timechart it.
So, I want a dashboard of 50 individual charts.. each one for different host.

but I only have a list of hosts and a python script. For example,

| lp_py disk HOSTNAME | timechart used_mb

would give me a single chart for a host.

But If I were to repeat this for every host on the list I have, I can't think of any other methods than to hardcode.

Do you have any idea?

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...