Use of motion sensors with Arduino boards that transmit their data to Splunk for use as section radar data to measure vehicle speed.
- 2 x Arduino R4 Wifi
- at least 6 x connector wires
- 2 x HC-SR501 sensors
-
1 x Splunk server that meets the editor hardware requirements
-
1 x WiFi network with /24 netmask or more (necessary to have unique sensor host values)
- Splunk :)
- Arduino IDE
Create a destination index for the data (through indexes.conf file in CLI or Settings > Indexes in WebUI)
Create an HTTP Event Collector input to receive data (through inputs.conf file in CLI or Settings > Data Inputs in WebUI)
Important
Note the destination sourcetype as it will be configured later for time extraction
Important
Note the token that is generated as it will be used in the Arduino code to authenticate !
Otherwise no worry, it can be retreived in inputs.conf or Settings > Data Inputs in WebUI
Configure following settings in props.conf and transforms.conf files with correct permissions.
props.conf :
[<your_sourcetype>]
category = Custom
pulldown_type = 1
TRANSFORMS-arduino-r4 = set-arduino-timetrasnforms.conf :
[set-arduino-time]
INGEST_EVAL = _time=strptime(mvindex(split(_raw," -"),0),"%d-%m-%Y %H:%M:%S.%3Q")Note
Don't forget to set metadata if necessary and restart Splunk service or make a debug/refresh to apply changes.
| Sensor pin | Arduino pin |
|---|---|
| VCC | 5V |
| OUT | D2 (your choice, need to be changed in code if necessary) |
| GND | GND |
Create a new project in Arduino IDE with the two files of this repo : arduino_r4_radar.ino and arduino_secrets.sh.
Set the values in arduino_secrets.h for your environment
Adapt if necessary the following values in arduino_r4_radar.ino :
- sensorPin (corresponding to the Arduino pin on which sensor is connected for OUT sensor pin)
- port (for Splunk HEC port if you changed it, 8088 by default)
- setServer (for NTP server)
- Timezone name (don't forget to change also it anywhere else in the file !)
- your timezone in the line with
setLocationcommand
Connect each Arduino board one by one and upload the code on it.
The following results should be displayed on Arduino serial monitor if all settings and wirings are correct and if a motion is detected by the sensor :
Then, if you search your data in Splunk for the corresponding index and sourcetype, you should get these kind of data with the correct timestamp :
Congrats 👍 ! You can then Splunk it and use these data to calculate the speed and make dashboards on it !
Tip
Example of SPL request (specific to my environment but in case this can help you to begin) :
index=arduino
| eval position=if(host="sensor163","L","R")
| transaction maxevents=2 maxpause=2 mvlist=true keeporphans=false maxspan=1s
| where mvindex(host,0)!=mvindex(host,1)
| table _time,_raw,duration,host,position
| eval distance=3.4, direction=if(mvindex(position,0)="L","out","in")
| eval ms=distance/duration
| eval kmh=round(ms*3.6,0)
| where kmh<75 AND kmh>15
| eval kmh=kmh-5
| eval result=if(kmh-30<=0,0,kmh-30)
| eval fine=if(result>0,135,0)
| eval license_points=case(result<5,0,result>=5 AND result<20,1,result>=20 AND result<30,2,result>=30 AND result<40,3,result>=40 AND result<50,4,true(),0)
| eval result=case(result>0 AND result<5,"Less than 5 km/h",result>=5 AND result<20,"Beetween 5 and 19 km/h",result>=20 AND result<30,"Beetween 20 and 29 km/h",result>=30 AND result<40,"Beetween 30 and 39 km/h",result>=40 AND result<50,"Beetween 40 and 49 km/h",true(),"OK")
| table _time, direction, kmh, result, fine, license_points