- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Clustered Single Value Map Visualisation - Change ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm trying to change the colour of my markers on my map. I have this within the query:
> eval redCount = if(TOTAL >=
> 10,TOTAL,0) | eval yellowCount =
> if((TOTAL >= 1 AND TOTAL <
> 10),TOTAL,0) | eval greenCount =
> if(TOTAL < 1,TOTAL,0) |
And then I'm adding this into the XML
<option name="mapping.fieldColors">{greenCount:0x6dc066,yellowCount:0xffd700,redCount:0xe60026}</option>
I'm basically following the steps detailed here: https://answers.splunk.com/answers/221348/geostats-display-bubbles-on-map-instead-of-pie-cha.html
Problem is that the markers remain green even though my stats value is > 10 (so should display red).
Any thoughts?
Here's the whole of the query:
index=A sourcetype=B | eval WARNFORTHISERROR=if(MESSAGETYPE=1,0,1) | append [search sourcetype=C index=2196161_23*_scada Type=Error | eval WARNFORTHISERROR=if(Type=Error,0,1)] | search WARNFORTHISERROR=1 | lookup LOOKUP.csv index OUTPUT latitude longitude | rename latitude as lat longitude as lon | geostats count as TOTAL | eval redCount = if(TOTAL >= 10,TOTAL,0) | eval yellowCount = if((TOTAL >= 1 AND TOTAL < 10),TOTAL,0) | eval greenCount = if(TOTAL < 1,TOTAL,0) |
TIA
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I worked it out myself!
The greenCount, yellowCount and redCount seem pointless as actually there are parameters in the XML that need changing:
<option name="leaflet_maps_app.leaflet_maps.criticalThreshold">2</option>
<option name="leaflet_maps_app.leaflet_maps.warningThreshold">1</option>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I worked it out myself!
The greenCount, yellowCount and redCount seem pointless as actually there are parameters in the XML that need changing:
<option name="leaflet_maps_app.leaflet_maps.criticalThreshold">2</option>
<option name="leaflet_maps_app.leaflet_maps.warningThreshold">1</option>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you show you entire XML ?
It doesn't work for me
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
