Metrics Data collection Via Collectd(Part-2)


Let's see tables in action. Jim, an IT analyst, has been receiving complaints about issues with mobile and web access over the past week. Jim starts by searching the web logs, then uses tables to explore in depth. First, he selects the fields that may hold clues to what is going on, then he starts preparing the data for easier analysis. He creates a new field called event_time in an easier to read format. Next, he familiarizes himself with the data to identify preparation needs and formulate hypotheses. Example-- he notices that the time taken for web requests has a high average and much lower median, suggesting that a subset of requests is taking a long time. Could this problem be related to the referer_domain? To determine that, first he enriches the dataset with a look-up of understandable descriptions of the web status codes. Next, he replaces the referer_domain URLs with more descriptive mobile and web. He could similarly cleanse the data by replacing null values as well. Then he filters by mobile referer domain and notices that all status types are now server errors. Looks like this problem needs to be investigated by the mobile web team. All this time, steps in the data preparation process have been tracked and SPL autogenerated. Jim can remove any steps if needed or open SPL in search for use in troubleshooting. For now, Jim saves this table so that he can reuse in the future or share with other team members. Finally, he uses the pivot tool to create a time chart visualization of the server errors over time. He saves this visualization as a report that he can send to the mobile web team for follow-up. When Jim is ready to move on to his next task, he can navigate to the Datasets page to select another table to work with. That's tables-- a way for power users to perform their tasks faster, while empowering occasional users to independently do their own analysis. Try tables today with your data. Download Splunk Enterprise and the datasets add-on.