Splunk Tutorial
Selected Reading
- Splunk - Discussion
- Splunk - Useful Resources
- Splunk - Quick Guide
- Splunk - Stats Command
- Splunk - Top Command
- Splunk - Sort Command
- Splunk - Monitoring Files
- Splunk - Custom Chart
- Splunk - Removing Data
- Splunk - Apps
- Splunk - Tags
- Splunk - Calculated Fields
- Splunk - Managing Indexes
- Splunk - Sparklines
- Splunk - Overlay chart
- Splunk - Basic Chart
- Splunk - Event Types
- Splunk - Search Macros
- Splunk - Subseraching
- Splunk - Knowledge Management
- Splunk - Schedules and Alerts
- Splunk - Lookups
- Splunk - Pivot & Datasets
- Splunk - Dashboards
- Splunk - Reports
- Splunk - Transforming commands
- Splunk - Search Optimization
- Splunk - Search Language
- Splunk - Sharing and Exporting
- Splunk - Time Range Search
- Splunk - Field Searching
- Splunk - Basic Searching
- Splunk - Source Types
- Splunk - Data Ingestion
- Splunk - Interfaces
- Splunk - Environment
- Splunk - Overview
- Splunk - Home
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
Splunk - Sparklines
Splunk - Sparkpnes
A sparkpne is a small representation of some statistical information without showing the axes. It generally appears as a pne with bumps just to indicate how certain quantity has changed over a period of time. Splunk has in-built function to create sparkpnes from the events it searches. It is a part of the chart creation function.
Selecting the Fields
We need to select the field and the search formula which will be used in creating the sparkpne. The below image shows the average byte size values of the some of the files in the web_apppcation host.
Creating the Sparkpne
To create the Sparkpnes from above statistics, we add the Sparkpne function to the search query as shown in the image below. The table view of the above statistics now starts displaying the sparkpnes for average byte size of those files. Here, we have taken All Time as the time period for calculating the variation in average byte size of files. If we change this time period, then the nature of the graphs will change.
Changing the Time Period
If we change the time period for the above graph from All Time to Last 30 days, we will see the sparkpnes to be pttle different as shown below. Here we need to note, how few file names have vanished from the pst as those files were not available in that time period.
Advertisements