Real time Machine Diagrams in Splunk, Part I

I’ve always wanted a way to integrate Splunk machine data with actual diagrams of our network. The idea is to reproduce the look and feel of a computerized system control panel. In the control panel, icons represent components of the system, and as the state of these components changes, aspects of the diagram change to reflect their significance (icons turn green, red, etc.).


Here’s a screen capture of my attempt to create something like this for Splunk.

I call it a ‘Real time Machine Diagram’:

Real time Machine Diagram

Using a real-time search, this diagram dynamically shades icons representing machines on the network. As the error rate of a machine increases (the number of errors coming across in logs increases), the icons turn intensely red; as the error rate decreases, so does the intensity of the red.

This was written using:

  1. OmniGraffle
  2. jVectorMap
  3. Vector Map Splunk App
  4. graffle2svg
  5. Hpricot
  6. Lagunitas IPA

In Part 2 I’ll discuss the magic. Stay tuned!

Greg Albrecht
