Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Trigger without alert?

wuming79
Path Finder
‎06-04-2017 08:27 PM

Hi,

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table _time, endpoint, temperature | eval threshold = 50 | where temperature > threshold

Is it possible to use Marker Gauge in Visualization to show that there is a trigger of temperature above 50?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎06-04-2017 11:01 PM

(as a comment, i can not attach the photo.. thus adding as an answer)

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
Yes, this will work..
table temperature will give you a single column and the first value of the column will be shown on the gauge. also below the gauge you will get a list of other values.

Is it possible to fixed the gauge even after the temperature goes down below 50 after a spike? ///
it should work i think. you can format the gauge with two colors (green for below 50, red for above 50 and i think you need to run a "real time" search. the gauge will automatically show the value as it changes. )

alt text

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

View solution in original post

Preview file
99 KB
0 Karma
Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎06-04-2017 11:01 PM

(as a comment, i can not attach the photo.. thus adding as an answer)

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
Yes, this will work..
table temperature will give you a single column and the first value of the column will be shown on the gauge. also below the gauge you will get a list of other values.

Is it possible to fixed the gauge even after the temperature goes down below 50 after a spike? ///
it should work i think. you can format the gauge with two colors (green for below 50, red for above 50 and i think you need to run a "real time" search. the gauge will automatically show the value as it changes. )

alt text

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Preview file
99 KB
0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎06-04-2017 09:55 PM

Hi Wuming79, can you give us more info please...
the gauge can be used when we get only one result (a single value result).
like, the count of servers, count of errors, etc..

more details -
https://docs.splunk.com/Documentation/Splunk/6.6.1/Viz/CreateGauges

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Reply
Solved! Jump to solution

wuming79
Path Finder
‎06-04-2017 10:35 PM

My live logs are showing temperature of a device. I like to use dashboard to display the temperature of the live input when it goes over 50. As I can't use the alert feature because the feature was disabled, I like to use dashboard as an alternative for the time being to show that I can see the temperature is over the threshold of 50C.

0 Karma
Reply
Solved! Jump to solution

wuming79
Path Finder
‎06-04-2017 10:37 PM

I figured I could just use the search below to display single column. Is it possible to fixed the gauge even after the temperature goes down below 50 after a spike?

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...