Weather Alerts in Splunk

It's been a couple of years since I first created the current weather conditions app that is on Splunkbase, so I decided to do something similar that is a little more timely. Current weather conditions are nice events to index, as they give a timeline for how things are going at a particular location and provide a basis for trend analysis. However, they do not provide insight into upcoming severe weather, and those are more important events to track.

Fortunately, Weather Underground provides a REST API to gather severe weather alerts using a zip code. I built a scripted input in Python to gather these alerts, and the standard output of each call is indexed by Splunk. Splunk invokes the script in a configurable fashion every hour for a list of zip codes of interest to the user. The list of zip codes is also configurable, as each Splunk install will have its own favorite list. To avoid noise in the index, if there are no alerts for a zip code being checked, no output is sent to the index. I also provide a configurable scheduled saved search that will email a Splunk alert for monitored severe weather conditions. As usual, you can download this app from Splunkbase. It comes with a sample workflow action, a sample dashboard and 6 reports, a few of which are shown here.

weather alert report

Sample Reports

For international users, if you can use a REST API that can deliver severe weather alerts by some geographical location such as city and country combination, you can reuse this app’s framework to build your own internationalized version of the app.
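The scripted-input behaviour described above (a configurable zip code list, one event per alert, and no output when a location has no alerts), as an added sketch that is not the app's own code. The function names, the `fetch` callable that stands in for the REST call, and the response layout (an `alerts` list with `type`, `description` and `expires` fields) are assumptions; the sample response is constructed.

```python
import json
import re
import sys
import time

# Constructed sample response; the "alerts" list and its field names are assumed.
SAMPLE = '{"alerts": [{"type": "HEA", "description": "Heat Advisory", "expires": "7:00 PM PDT"}]}'

def load_zip_codes(lines):
    """Read the configurable list: one ZIP per line, '#' starts a comment."""
    zips = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        # Only 5-digit ZIPs may reach the request URL; anything else is dropped.
        if not re.fullmatch(r"\d{5}", entry):
            sys.stderr.write("skipping invalid zip entry: %r\n" % entry)
        elif entry not in zips:
            zips.append(entry)
    return zips

def format_events(zip_code, payload):
    """Return one key="value" line per alert, or [] when there is nothing to index."""
    try:
        alerts = json.loads(payload).get("alerts") or []
    except (ValueError, AttributeError):
        sys.stderr.write("unparseable response for zip %s\n" % zip_code)
        return []
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S%z")
    events = []
    for alert in alerts:
        if not isinstance(alert, dict):
            continue
        pairs = [("zip", zip_code)] + [(k, alert.get(k, "")) for k in ("type", "description", "expires")]
        # Quotes and newlines in remote text would break single-line field extraction.
        clean = ['%s="%s"' % (k, str(v).replace('"', "'").replace("\n", " ")) for k, v in pairs]
        events.append(stamp + " " + " ".join(clean))
    return events

def run(zip_lines, fetch, out=sys.stdout):
    """Emit events for every valid ZIP; fetch(zip) -> JSON text is supplied by the caller."""
    count = 0
    for zip_code in load_zip_codes(zip_lines):
        for event in format_events(zip_code, fetch(zip_code)):
            out.write(event + "\n")
            count += 1
    return count

if __name__ == "__main__":
    # Offline demo: one ZIP has an alert, the other has none and produces no output.
    run(["94105", "10001  # no alerts"], lambda z: SAMPLE if z == "94105" else '{"alerts": []}')
```

For a city and country lookup, the zip pattern in `load_zip_codes` and the `fetch` callable are the two pieces to replace; diagnostics go to stderr so they are never indexed as weather events.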

Posted by Nimish Doshi

Nimish is Director, Technical Advisory for Industry Solutions providing strategic, prescriptive, and technical perspectives to Splunk's largest customers, particularly in the Financial Services Industry. He has been an active author of Splunk blog entries and Splunkbase apps for a number of years.