All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Clustered Single Value Map Visualisation - Change Marker Colours

alylanchester
Explorer
‎04-20-2018 03:04 AM

I'm trying to change the colour of my markers on my map. I have this within the query:

> eval redCount = if(TOTAL >=
> 10,TOTAL,0) | eval yellowCount =
> if((TOTAL >= 1 AND TOTAL <
> 10),TOTAL,0) | eval greenCount =
> if(TOTAL < 1,TOTAL,0) |

And then I'm adding this into the XML 

<option name="mapping.fieldColors">{greenCount:0x6dc066,yellowCount:0xffd700,redCount:0xe60026}</option>

I'm basically following the steps detailed here: https://answers.splunk.com/answers/221348/geostats-display-bubbles-on-map-instead-of-pie-cha.html

Problem is that the markers remain green even though my stats value is > 10 (so should display red).

Any thoughts?

Here's the whole of the query: 

index=A sourcetype=B | eval WARNFORTHISERROR=if(MESSAGETYPE=1,0,1) | append [search sourcetype=C index=2196161_23*_scada Type=Error | eval WARNFORTHISERROR=if(Type=Error,0,1)] | search WARNFORTHISERROR=1 |  lookup LOOKUP.csv index OUTPUT latitude longitude | rename latitude as lat longitude as lon | geostats count as TOTAL | eval redCount = if(TOTAL >= 10,TOTAL,0) | eval yellowCount = if((TOTAL >= 1 AND TOTAL < 10),TOTAL,0) | eval greenCount = if(TOTAL < 1,TOTAL,0) |

TIA

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alylanchester
Explorer
‎04-20-2018 03:53 AM

I worked it out myself!

The greenCount, yellowCount and redCount seem pointless as actually there are parameters in the XML that need changing:

<option name="leaflet_maps_app.leaflet_maps.criticalThreshold">2</option>

<option name="leaflet_maps_app.leaflet_maps.warningThreshold">1</option>

View solution in original post

Reply
Solved! Jump to solution
Solution

alylanchester
Explorer
‎04-20-2018 03:53 AM

I worked it out myself!

The greenCount, yellowCount and redCount seem pointless as actually there are parameters in the XML that need changing:

<option name="leaflet_maps_app.leaflet_maps.criticalThreshold">2</option>

<option name="leaflet_maps_app.leaflet_maps.warningThreshold">1</option>
Reply
Solved! Jump to solution

cmoinet
Engager
‎05-20-2019 04:56 AM

Can you show you entire XML ?

It doesn't work for me

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...