Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Trigger without alert?

wuming79
Path Finder
‎06-04-2017 08:27 PM

Hi,

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table _time, endpoint, temperature | eval threshold = 50 | where temperature > threshold

Is it possible to use Marker Gauge in Visualization to show that there is a trigger of temperature above 50?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎06-04-2017 11:01 PM

(as a comment, i can not attach the photo.. thus adding as an answer)

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
Yes, this will work..
table temperature will give you a single column and the first value of the column will be shown on the gauge. also below the gauge you will get a list of other values.

Is it possible to fixed the gauge even after the temperature goes down below 50 after a spike? ///
it should work i think. you can format the gauge with two colors (green for below 50, red for above 50 and i think you need to run a "real time" search. the gauge will automatically show the value as it changes. )

alt text

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

View solution in original post

Preview file
99 KB
0 Karma
Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎06-04-2017 11:01 PM

(as a comment, i can not attach the photo.. thus adding as an answer)

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
Yes, this will work..
table temperature will give you a single column and the first value of the column will be shown on the gauge. also below the gauge you will get a list of other values.

Is it possible to fixed the gauge even after the temperature goes down below 50 after a spike? ///
it should work i think. you can format the gauge with two colors (green for below 50, red for above 50 and i think you need to run a "real time" search. the gauge will automatically show the value as it changes. )

alt text

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Preview file
99 KB
0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎06-04-2017 09:55 PM

Hi Wuming79, can you give us more info please...
the gauge can be used when we get only one result (a single value result).
like, the count of servers, count of errors, etc..

more details -
https://docs.splunk.com/Documentation/Splunk/6.6.1/Viz/CreateGauges

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Reply
Solved! Jump to solution

wuming79
Path Finder
‎06-04-2017 10:35 PM

My live logs are showing temperature of a device. I like to use dashboard to display the temperature of the live input when it goes over 50. As I can't use the alert feature because the feature was disabled, I like to use dashboard as an alternative for the time being to show that I can see the temperature is over the threshold of 50C.

0 Karma
Reply
Solved! Jump to solution

wuming79
Path Finder
‎06-04-2017 10:37 PM

I figured I could just use the search below to display single column. Is it possible to fixed the gauge even after the temperature goes down below 50 after a spike?

temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":\{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>\{.*\})\}$"| spath input=mydata | table temperature
0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

ATTENTION!! We’re MOVING (not really)

Hey, all! In an effort to keep this Slack workspace secure and also to make our new members' experience easy, ...

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

  Whether you're running a complex Splunk deployment or just getting your bearings as a new admin, .conf25 ...

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...