How’s Traffic?

By the title of this post, many of you may assume that I am referring to network traffic. However, today’s topic is about monitoring vehicular traffic incidents or what some of us call accidents in most cases. I found a feed from that lists recent incidents for a known USA city if the city is used as the last part of the URL. The information returned explains the jam factor (how crowded the roads are), severity of the incident and its location. Armed with this information, I created a Splunk app around it and put it on Splunkbase for you to use. Instructions are provided on what text file to update to add or delete the cities you are monitoring.

I have also shown this app at the Splunk User Conference the last couple of years in the Splunking Outside the Box session. The thought is that monitoring traffic incidents is outside the box of what Splunk was originally used for a few years ago.


Here’s how it works. Every N seconds, a scripted input runs my Python program, which retrieves one feed result per user-supplied city. The program does not output anything if there is no incident for the city, as that’s not very interesting to record. Otherwise, the program gets the description and link to the incident (along with the jam factor and severity) and writes an event to standard output. After the event is indexed, field extractions are applied to extract fields and searches are run to create the dashboard. Let’s look at the top half of the dashboard:

First Half of Traffic Incident Dashboard

In the first panel, there is a color-coordinated chart of the count of incidents per severity by city. The color is defined in the options part of the simple XML file that defines this dashboard. You can use this approach yourself in your own apps to color-coordinate different levels on charts.

The next panel shows the count by incident per severity level in a table. At the top of the table is a total count per column, which simulates a spreadsheet. It uses xyseries as the Splunk command to compute the table. (Credit is given to Splunker David Maislin, who first showed me this approach).

The second part of the dashboard shown below uses the traditional Splunk commands of timechart and top to show jam factors and incidents over time, and top counts of incidents per city.

Bottom Part of Traffic Dashboard

The interesting panel is the one that shows the location of places within cities that have had 3 or more incidents in the last 24 hours. The idea is to avoid these places as their traffic patterns may be disruptive for your commute.

Finally, not shown here is the last panel, which shows an embedded Frogger game that you can play right from your Splunk Web dashboard, just for fun. This is owned by a third party, so it is just an embedded Flash game.
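The scripted-input step described earlier (one feed lookup per city, nothing written when a city has no incident), as an added example that is not the app's own code. The feed layout, element names, field names and sample data are assumptions constructed for illustration; the example also neutralizes newlines and quotes in feed text so third-party content cannot split an event or inject extra fields.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample feed responses; the real feed's layout is not shown on the page.
SAMPLE_FEEDS = {
    "boston": """<rss><channel>
      <item><title>Crash on I-93 "left lane"\nseverity=0</title>
        <link>https://feed.example/incident/1</link>
        <jamFactor>7.5</jamFactor><severity>3</severity></item>
    </channel></rss>""",
    "austin": "<rss><channel></channel></rss>",   # no incident for this city
}

def clean(value):
    """Collapse newlines/control chars and escape quotes so feed text
    cannot start a new event or smuggle in an extra key=value pair."""
    value = re.sub(r"[\x00-\x1f\x7f]+", " ", value or "").strip()
    return value.replace("\\", "\\\\").replace('"', '\\"')

def events_for_city(city, feed_xml):
    """Return one event line per incident; an empty list means nothing is written."""
    events = []
    for item in ET.fromstring(feed_xml).iter("item"):
        fields = [                      # hypothetical field names
            ("city", city),
            ("jam_factor", item.findtext("jamFactor")),
            ("severity", item.findtext("severity")),
            ("link", item.findtext("link")),
            ("description", item.findtext("title")),
        ]
        events.append(" ".join(f'{k}="{clean(v)}"' for k, v in fields))
    return events

def run(cities, fetch):
    """cities: names from the app's city list; fetch: callable returning feed XML."""
    lines = []
    for city in cities:
        lines.extend(events_for_city(city, fetch(city)))
    return lines

if __name__ == "__main__":
    # Splunk indexes whatever a scripted input prints to standard output.
    for line in run(SAMPLE_FEEDS, SAMPLE_FEEDS.__getitem__):
        print(line)
```

When the XML comes from a live third-party feed rather than embedded samples, a hardened parser such as defusedxml is the safer choice than the standard-library parser.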

Enjoy the app.

Nimish Doshi
Nimish is Director, Technical Advisory for Industry Solutions providing strategic, prescriptive, and technical perspectives to Splunk's largest customers, particularly in the Financial Services Industry. He has been an active author of Splunk blog entries and Splunkbase apps for a number of years.
