## Preview
Simple Dashing job template to run Splunk® Enterprise blocking queries.
## Dependencies
`splunk-sdk-ruby`. More info at the Splunk Ruby SDK page.

Add it to Dashing's Gemfile:

`gem 'splunk-sdk-ruby'`

and run `bundle install`. Everything should work now :)
## Installation
- Copy `splunk_query_template.rb` into the `/jobs` directory or type: `dashing install 11221b6ea30a35c7cdc6`
- Put the `splunk_connection.yml` file into the `/config` directory (create the directory if it does not exist).
## Usage
- Put the correct Splunk connection information (host, port, username, and password) in the `splunk_connection.yml` file.
- Change the `splunk_query_template.rb` file name to something more appropriate, then put the query you want to execute and suitable code to process the results in the file. See the `splunk_query_list_example.rb` and `splunk_query_table_example.rb` files to get an idea of the query format and result processing.
- Add the necessary HTML snippet to the dashboard layout erb file.

Example:

```html
<li data-row="1" data-col="1" data-sizex="1" data-sizey="2">
  <div data-id="myWidgetId" data-view="List" data-unordered="true" data-title="My cool splunk query result" data-moreinfo="Data from splunk" style="background-color:#2F4F4F"></div>
</li>
```
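
`splunk_connection.yml` holds a Splunk username and password in clear text, so the job should refuse to read it when other local users can. The following is an added example, not part of the original template, of loading the file defensively; the YAML key names, the `SPLUNK_PASSWORD` override, and the function and error names are assumptions.

```ruby
require 'yaml'

# Added example; not code from the original template.
# Assumed key names: the page only lists which values the file holds.
REQUIRED_KEYS = %w[host port username password].freeze

# Raised when the credentials file is readable or writable by group/others.
class InsecureConfigError < StandardError; end

# Load the Splunk connection settings from +path+.
# +env+ defaults to the process environment; SPLUNK_PASSWORD is a
# hypothetical variable that lets the secret stay out of the file.
def load_splunk_connection(path, env = ENV)
  mode = File.stat(path).mode & 0o777
  unless (mode & 0o077).zero?
    raise InsecureConfigError,
          format('%s has mode %04o; restrict it with chmod 600', path, mode)
  end

  # safe_load only builds plain types (strings, numbers, hashes, arrays),
  # so a tampered file cannot instantiate arbitrary Ruby objects.
  config = YAML.safe_load(File.read(path)) || {}
  raise ArgumentError, "#{path} must contain a mapping" unless config.is_a?(Hash)

  config['password'] = env['SPLUNK_PASSWORD'] if env['SPLUNK_PASSWORD']
  missing = REQUIRED_KEYS.select { |key| config[key].to_s.strip.empty? }
  raise ArgumentError, "missing settings: #{missing.join(', ')}" unless missing.empty?

  # Return symbol keys, the usual shape for a Ruby options hash.
  { host: config['host'], port: Integer(config['port']),
    username: config['username'], password: config['password'] }
end
```

Keep `config/splunk_connection.yml` out of version control as well, since the dashboard repository is usually shared more widely than the Splunk account.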
## Compatibility
The widget was tested with the following Splunk versions.

Splunk | Tested By | Verified |
---|---|---|
6.3.0 | Antony Jesudhason | OK |
6.2.5 | Antony Jesudhason | OK |
The ruby SDK doesn't play nice if you have a load balanced setup, unless you hard code to one of the search heads (this may not be possible if you are using splunk cloud). You may be better off using the python SDK instead.
If you do want to use python here are some snippets that may or may not help.
Method to send stuff to dashing (you can't use send_events a la ruby)...
To collate the results and create something along the lines of the ruby hash...