CODEWITHSUNDEEP
splunkgraphite
user1724078
user1724078

Reputation: 21

Splunk Graphite Integration

I want to know if Graphite can pull log data from Splunk to draw Graphs. I know Graphite can read data from Nagios, but want to know if it can pull from Splunk also.

Upvotes: 1

Views: 3403

Answers (4)

ampledata
ampledata

Reputation: 21

Here's an app I wrote for Splunk that does exactly this: https://github.com/OnBeep/splunk_graphite

Upvotes: 2

Paul Sanford
Paul Sanford

Reputation: 228

You can also pull data via one of the Splunk SDKs - http://dev.splunk.com/view/sdks/SP-CAAADP7

There is an example on the developer site that shows pulling data from splunk and pushing it to Leftronic - http://dev.splunk.com/view/SP-CAAADSR

There also are a number of visual examples in the JavaScript SDK showing how to pull data from Splunk and visualize with other libraries - http://dev.splunk.com/view/javascript-sdk/SP-CAAAECM

Upvotes: 3

Valor
Valor

Reputation: 1315

This is how it works:

  1. Carbon listen to receive data.
  2. Carbon receives data and stores it in whisper.
  3. Graphite reads from whisper and carbon cache and shows graphs.

There's no pull at all. Submitting data to carbon it's damn easy. It has two ports, one for simple tcp connect and submit one metric per line (metric.name metric.value metric.timestamp), or have a pickle port too.

Usually you will use Logstash or logster to parse application logs with regular expresion and any of those will take care of submitting the resulting metrics to carbon.

Also, if you have a software been able to submit real time metrics by udp, you can use statsd which will listen on udp and on a configured interval sum or average and submit to carbon with a lot of nice settings (like get the 95th percentile, etc).

In summary, I bet whatever log Splunk leave you, you will be able for sure to submit data to graphite.

Upvotes: 0

dannyla
dannyla

Reputation: 1990

If the goal is to chart the data in splunk you can use the chart or timechart command in splunk.

If the gloat is to chart the splunk data in carbon/graphite, depending on the data that you wish to pull out of spunk you should be able to;

  • Create a save search in splunk
  • Use the cli or rest api to execute & gather the results of the save search
  • parse the results then push it into carbon.

Upvotes: 1

Related Questions