Videos: Features

Report with Splunk

Description:

Vi Ly, Senior Sales Engineer, Splunk, presents an overview of Splunk's reporting and graphing features.

Date: Feb 26, 2008

Transcript

Intro
Onscreen illo: I suggest we do a montage of different reports like we did in the flash banners and splunk.com homepage animation.

Report_vo_01: "Let's take a look at how easy it is to turn any of your Splunk searches into really cool interactive reports! You're really going to like the variety of charting options and the simplicity of sharing reports with all your friends in operations, security, compliance and even those guys in management."

Screencast

* (Click on home page to search for sourcetype::access_combined last 15 minutes)

Report_vo_04: "Say you're responsible for a web application, and concerned about bandwidth utilization. Start with a simple search for all of your web access logs."

* (Click report on these results)

Report_vo_05: "Now click report on results to report on your search results."

* (Click bytes)

Report_vo_06: "Splunk automatically extracts and names fields from your search results. To pick the fields you want to report on just select the field names from the list. Click on the bytes field to see how many bytes are being transferred for web requests. This creates a new series for your report. You can add multiple series by holding down the command key and clicking on additional fields in the list."

* (select show sum of bytes vs time)

Report_vo_07: "Now pick the statistics you want for the bytes field series. You select sum because you want the sum of bytes from all your search results."

* (select display as line graph)

Report_vo_07a: "Okay, now choose how you want the series displayed in your report. Click on line graph from the menu to chart the series over time as a line graph."

* (split by file)

Report_vo_08: "You've got the total bandwidth for your web application trended by time. You can split your series by file to check out which specific web transactions are using the most bandwidth."

* (Save search as "bytes over time by file" and add it to your dashboard)
* (Show dashboard and drag new graph to the top.)

Report_vo_09: "When you discover a useful report you can save it and add it to a dashboard. Select save from the search menu and type in the name for your report. Now choose the dashboard you want to add the report to. Pretty cool. Now it's always around for quick reference and troubleshooting!"

* (Show an area graph of the following "sourcetype::ps | multikv | timechart max(CPU) by COMMAND")

Report_vo_10: "Here's another great report you'll like. Your server is really slow and you need to figure out what's going on. You're indexing the output of a ps status command and it's a piece of cake to figure out what processes are eating your CPU at any point in time. Splunk is a time machine for your servers."

* (Save this search as "CPU utilization by process" and switch to schedule screen. Run every hour. Enter email address "splunkalerts@gmail.com".)

Report_vo_11: "If you like this report you can save it, run it on a schedule and deliver it via email to any number of recipients. Let's set it up to email you and your team every hour so you can all watch what's going on."

* (Show a stacked bar graph of the following "* startminutesago::60 | filter product_id | timechart count(_raw) by product_id | rename AV-CB-01 as "Amazon Parrot", AV-SB-02 as Finch, FL-DSH-01 as Manx, FL-DLH-02 as Persian, K9-BD-01 as Bulldog, K9-CW-01 as Chihuahua, FI-SW-01 as Angelfish, FI-FW-02 as Goldfish, RP-LI-02 as Iguana, RP-SN-01 as Rattlesnake")

Report_vo_12: "Splunk reports are great for troubleshooting but you can also use reports to mine your IT data for business intelligence. Look how easy it is to create a report of what products sold in your online pet store during the last hour."

Report_vo_13: "The seamless integration of search and report is flexible and powerful. (pause) With just a few clicks you can visualize your search results, drill down on statistics and share information with your team. (pause) There's no database schema to manage or limits on the fields you can use and adapting to new and changing data from any application, server or network device is painless. (pause) Thanks for watching; download Splunk today, and go home early."
