Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Trigger without alert?

wuming79
Path Finder
‎06-04-2017 08:27 PM

Hi,

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table _time, endpoint, temperature | eval threshold = 50 | where temperature > threshold

Is it possible to use Marker Gauge in Visualization to show that there is a trigger of temperature above 50?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎06-04-2017 11:01 PM

(as a comment, i can not attach the photo.. thus adding as an answer)

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
Yes, this will work..
table temperature will give you a single column and the first value of the column will be shown on the gauge. also below the gauge you will get a list of other values.

Is it possible to fixed the gauge even after the temperature goes down below 50 after a spike? ///
it should work i think. you can format the gauge with two colors (green for below 50, red for above 50 and i think you need to run a "real time" search. the gauge will automatically show the value as it changes. )

alt text

View solution in original post

Preview file
99 KB
0 Karma
Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎06-04-2017 11:01 PM

(as a comment, i can not attach the photo.. thus adding as an answer)

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
Yes, this will work..
table temperature will give you a single column and the first value of the column will be shown on the gauge. also below the gauge you will get a list of other values.

Is it possible to fixed the gauge even after the temperature goes down below 50 after a spike? ///
it should work i think. you can format the gauge with two colors (green for below 50, red for above 50 and i think you need to run a "real time" search. the gauge will automatically show the value as it changes. )

alt text

Preview file
99 KB
0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎06-04-2017 09:55 PM

Hi Wuming79, can you give us more info please...
the gauge can be used when we get only one result (a single value result).
like, the count of servers, count of errors, etc..

more details -
https://docs.splunk.com/Documentation/Splunk/6.6.1/Viz/CreateGauges

Reply
Solved! Jump to solution

wuming79
Path Finder
‎06-04-2017 10:35 PM

My live logs are showing temperature of a device. I like to use dashboard to display the temperature of the live input when it goes over 50. As I can't use the alert feature because the feature was disabled, I like to use dashboard as an alternative for the time being to show that I can see the temperature is over the threshold of 50C.

0 Karma
Reply
Solved! Jump to solution

wuming79
Path Finder
‎06-04-2017 10:37 PM

I figured I could just use the search below to display single column. Is it possible to fixed the gauge even after the temperature goes down below 50 after a spike?

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...