Exploring WhatsApp Data with Splunk: A Hands-On Guide

2024.04.05

Introduction

Hemanth from the Alliance Department here. In this blog, we'll embark on a hands-on journey to create our own WhatsApp application on Splunk by harnessing WhatsApp data.

Splunk

Splunk is a platform that makes it easier to explore historical and real-time data by gathering, indexing, and analyzing machine-generated data. Organizations looking to extract meaningful insights and discover threats in their data will find it helpful because of its robust search capabilities, monitoring tools, and security features.

Demo

Let's dive into a step-by-step demonstration:

Exporting WhatsApp Chat History:

Follow this link to learn how to export your chat history from both Android and iOS devices.

Creating the Splunk App:

Log in to your Splunk account and navigate to the app section. Click on "Manage" and then "Create App".
Enter the app name and folder name, then click "Save". The app "Whatsapp_CM" has been successfully created. Click on "Settings" and select "Add Data". Upload your WhatsApp data file and follow the prompts to configure the source type. Review and submit the settings.

Exploring WhatsApp Data:

Click on the Splunk Enterprise icon and navigate to the newly created app "Whatsapp_CM". Start by setting the time range to "All Time" and clicking the search icon to retrieve all the events.
To extract new fields, expand one of the events and click on "Extract Fields". This time, choose "prefer to write regular expression". Enter the regular expression below and click on "Preview"; the new fields are created as shown below.
^\[?(?
Click on "Save", then "Finish" for the new fields to be extracted, and then click on "Explore the fields I just created".

Building Dashboards:

Create panels to analyze communication patterns, such as top senders, peak messaging hours, and the days of the week on which people communicate most. First, create a panel for top senders by running an "All Time" search over the chat, clicking on the sender field, and then clicking on "Top values".
Customize the visualization type and settings for clarity: change the visualization to a pie chart and set the limit to 5.

To add this panel to a dashboard, click on "Save As" and choose "New Dashboard". Enter the details (here a classic Splunk dashboard is used) and click on "Save to Dashboard". Next, create a panel showing which day of the week people talk most, and change its visualization to a pie chart. Add this panel to the dashboard by clicking on "Save As", choosing "Existing Dashboard", selecting the dashboard, entering the panel title, and clicking on "Save to Dashboard". Finally, create a panel showing the most common hours at which messages are sent: again in an "All Time" search, go to the date_hour field and click on "Top values", then change the visualization to a bubble chart.
Add this panel to the dashboard by clicking on "Save As" and choosing "Existing Dashboard".
Select the dashboard, enter the panel title, and click on "Save to Dashboard".
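The field extraction and the three dashboard panels above (top senders, day of week, hour of day) can be reproduced outside Splunk to sanity-check the numbers before building the panels. The script below is an added example and is not part of the original post or of Splunk: it parses a small set of constructed WhatsApp export lines with its own regular expression (an assumption, written to handle both the Android "date, time - sender: message" layout and the iOS "[date, time] sender: message" layout, with day-first dates), folds continuation lines into the previous message, and computes the same aggregations the panels show. The comments name the Splunk search commands that correspond to each step.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample chat export (not real data). Mixes the Android and iOS
# layouts and ends with a continuation line that carries no timestamp.
SAMPLE_EXPORT = """\
12/03/24, 09:15 - Alice: Good morning team
12/03/24, 09:17 - Bob: Morning! Standup at 10?
[12/03/24, 09:18:42] Alice: Yes, same link as usual
12/03/24, 21:05 - Carol: Late question about the release
13/03/24, 09:02 - Alice: Release notes are up
13/03/24, 09:04 - Bob: Thanks
13/03/24, 09:04 - Bob: <Media omitted>
14/03/24, 18:30 - Alice: Weekend plans?
this line continues the previous message and has no timestamp
"""

# Assumed extraction pattern (hypothetical, not the one from the post):
# optional "[" for iOS, date, time with optional seconds, optional "]" and " - ",
# then the sender up to the first ": " and the rest as the message.
# In Splunk this is the "Extract Fields" regex, or: | rex field=_raw "<pattern>"
LINE_RE = re.compile(
    r"^\[?(?P<date>\d{1,2}/\d{1,2}/\d{2,4}),\s"
    r"(?P<time>\d{1,2}:\d{2}(?::\d{2})?)\]?\s(?:-\s)?"
    r"(?P<sender>[^:]+?):\s(?P<message>.*)$"
)

# Day-first date formats are assumed; WhatsApp follows the phone's locale.
TS_FORMATS = ("%d/%m/%y %H:%M:%S", "%d/%m/%y %H:%M",
              "%d/%m/%Y %H:%M:%S", "%d/%m/%Y %H:%M")


def _parse_ts(date: str, time: str) -> datetime:
    """Parse the date/time captures, trying each assumed format in turn."""
    for fmt in TS_FORMATS:
        try:
            return datetime.strptime(f"{date} {time}", fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {date} {time}")


def parse_export(text: str) -> list[dict]:
    """Return one event per message. Lines that do not start with a timestamp
    are appended to the previous message, which is what Splunk's line merging
    does when the source type breaks events on the timestamp."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            events.append({
                "ts": _parse_ts(m["date"], m["time"]),
                "sender": m["sender"].strip(),
                "message": m["message"],
            })
        elif events:
            events[-1]["message"] += "\n" + raw
        # A continuation line before any timestamped line is dropped.
    return events


def top_senders(events: list[dict], limit: int = 5) -> list[tuple[str, int]]:
    """Splunk equivalent: ... | top limit=5 sender"""
    return Counter(e["sender"] for e in events).most_common(limit)


def messages_by_weekday(events: list[dict]) -> Counter:
    """Splunk equivalent: ... | stats count by date_wday (lower-case day names)"""
    return Counter(e["ts"].strftime("%A").lower() for e in events)


def messages_by_hour(events: list[dict]) -> Counter:
    """Splunk equivalent: ... | top date_hour"""
    return Counter(e["ts"].hour for e in events)


if __name__ == "__main__":
    evs = parse_export(SAMPLE_EXPORT)
    print(f"{len(evs)} messages parsed")
    print("top senders:", top_senders(evs))
    print("by weekday:", dict(messages_by_weekday(evs)))
    print("by hour:", dict(messages_by_hour(evs)))
```

Running the script against the constructed sample parses eight messages, with Alice as the top sender and 09:00 as the busiest hour; if the real export yields noticeably fewer parsed messages than lines, the regular expression is not matching that phone's date or time format and the Splunk extraction will silently miss the same events.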

Enhancing Dashboard Functionality:

To add a time picker that allows flexible time range selection across the dashboard, click on "Edit". Under "Add Input", click on "Time".
Click on the pencil icon to edit the time picker and change the default from "Last 24 hours" to "All time". Then edit each panel so that its search uses the time picker: edit the search, set the time range to "Shared Time Picker (field1)", and click on "Apply". Repeat this for the other panels, and save the dashboard once all the edits are done.

Bonus: Customization Options:

Explore customization features like toggling between light and dark themes to personalize the dashboard interface.

Conclusion

This hands-on guide has provided valuable insights into leveraging Splunk for analyzing WhatsApp data. By following the steps outlined here, users can unlock powerful capabilities to extract meaningful insights, monitor communication patterns, and enhance decision-making processes.

References

Explore more insights into Splunk and related topics through Classmethod's comprehensive collection of Splunk blogs