By Splunk March 06, 2008
Inspired by glTail.rb and Digg Lab’s Stack, Splunk Replay is an animated data visualization that “replays” search results as a simulated event stream. The application displays events at a rate proportional to the times at which the events originally occurred.
Each event is represented by a single square particle that flows from its place in a legend of values to its corresponding position in a stacked column chart. Upon landing in the column chart, one of the event’s fields is output in a readable format below the chart. Both the legend of values and the stacked column chart retain the order of their values according to a configurable comparator and truncate older values to make space for new ones. Rolling your mouse over any column displays the field values for that column.
Replay currently consumes csv files and is configurable through an xml file. The current demo charts twikipage edits split by twikiuser (both sorted alphabetically) and outputs truncated raw events below the chart. The simulated event stream is running at a rate 2000 times real time.
I’m currently working on getting Replay hooked directly to Splunk’s API and building out interface elements so that it can be configured visually.
You can check out the wiki page on Replay over at Splunk’s developers wiki.
----------------------------------------------------
Thanks!
jason