Unzip this folder into the $SPLUNK_HOME/etc/apps directory of your Splunk installation and restart Splunk. On your R server, install OpenCPU (https://www.opencpu.org/download.html). In Splunk, go to the setup page of the R app and fill in the address of your OpenCPU installation.
OpenCPU will create a new session (and user) for every request it gets. These sessions will be removed after some time. Packages installed in such a session are not available to other sessions and will be removed once the session is removed. Installing packages globally can be done by installing them to the /usr/local/lib/R/site-library directory or by running the following from the command line:
sudo R
install.packages(<package_name>, lib = "/usr/local/lib/R/site-library")
The full documentation of OpenCPU can be found here: https://cran.r-project.org/web/packages/opencpu/vignettes/opencpu-server.pdf (Chapter 3.2 deals with installing packages)
Search in Splunk, send the data to R and retrieve the full dataset:
search index=_internal | head 10 | runRdo script="return(dataset);"
Using R libraries in Splunk and returning links to images (or the console) instead of results:
| inputlookup iris.csv
| fields - species
| runRdo script="library(corrplot); correlationMatrix = cor(dataset); corrplot(correlationMatrix);" getResults=f
Datatypes and column order (thanks to jedatt01 on Splunk Answers for the example: https://answers.splunk.com/answers/455710/potential-bug-in-r-analytics-app.html)
| inputlookup iris.csv
| runRdo script="
# Fix the random seed
set.seed(1);
# Store the dataset in a variable
my_iris = dataset;
# Separate the species column from the rest
species = as.factor(my_iris$species);
my_iris = my_iris[ , !(names(my_iris) %in% c('species'))];
# Cast data types
my_iris$petal_length = as.numeric(my_iris$petal_length);
my_iris$sepal_length = as.numeric(my_iris$sepal_length);
my_iris$petal_width = as.numeric(my_iris$petal_width);
my_iris$sepal_width = as.numeric(my_iris$sepal_width);
# Show summaries in the console, use getResults=false to see the link to the console
str(species);
str(my_iris);
# Perform the kmeans
kmeans_iris = kmeans(my_iris, 3);
kmeans_table = table(kmeans_iris$cluster, species);
# Return a dataframe
return(as.data.frame(kmeans_table));" getResults=t
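The example above casts each column by hand. The R below is an added example, not part of the app or of the original page: it generalizes that step by converting every column whose values all parse as numbers and by selecting feature columns by name instead of position. The helper name cast_numeric_columns and the sample data frame are constructed for illustration, and it assumes Splunk fields reach the script as character strings.

```r
# Constructed sample standing in for the 'dataset' variable runRdo provides
# (assumption: every field is a string and the column order is arbitrary).
dataset = data.frame(
  species      = c('setosa', 'setosa', 'versicolor', 'versicolor', 'virginica', 'virginica'),
  petal_width  = c('0.2', '0.4', '1.3', '1.5', '2.1', '2.5'),
  sepal_length = c('5.1', '4.9', '6.4', '5.9', '6.3', '7.1'),
  petal_length = c('1.4', '1.5', '4.5', '4.2', '6.0', '5.9'),
  sepal_width  = c('3.5', '3.0', '3.2', '3.0', '3.3', '3.0'),
  stringsAsFactors = FALSE
);

# Hypothetical helper: convert a column to numeric only when every non-empty
# value parses as a number; leave all other columns untouched.
cast_numeric_columns = function(df) {
  for (name in names(df)) {
    values = trimws(as.character(df[[name]]));
    values[which(values == '')] = NA;  # treat empty fields as missing
    parsed = suppressWarnings(as.numeric(values));
    # Numeric only if parsing introduced no new NAs and some data is present
    if (any(!is.na(parsed)) && all(is.na(parsed) == is.na(values))) {
      df[[name]] = parsed;
    }
  }
  return(df);
}

typed = cast_numeric_columns(dataset);
# Show the resulting column types in the console
str(typed);

# Pick the numeric columns by name and fix their order before clustering
features = typed[ , sapply(typed, is.numeric), drop = FALSE];
features = features[ , sort(names(features)), drop = FALSE];

# Fix the random seed and perform the kmeans as in the example above
set.seed(1);
clusters = kmeans(features, 3);
print(as.data.frame(table(clusters$cluster, typed$species)));
```

To use it inside runRdo, drop the constructed data frame and keep the single-quoted strings, since the script itself is wrapped in double quotes.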
NOTE. The author of this app is not affiliated with the R project, OpenCPU or Splunk.