All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Dash board

RAYUDU_NARA
Explorer
‎12-06-2017 06:41 AM

I need one dash board for below data. Like in dash board i want to show, if response_code=200 it is Running if any other response_code it should be Stopped. Please give me the query for the dash board.

url=http://www.google.com/ response_code=200 content_size=2360 timed_out=False title="WCS UAT2 Prod site"

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎12-06-2017 06:47 AM

So many ways to do this, but I would start with this:

<your search> | eval status=if(response_code=200,"Running","Stopped") |table title url status

Edit: Reference http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/CommonEvalFunctions#Compariso...

Edit 2: Changed single quotes to double.

If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎12-06-2017 06:47 AM

So many ways to do this, but I would start with this:

<your search> | eval status=if(response_code=200,"Running","Stopped") |table title url status

Edit: Reference http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/CommonEvalFunctions#Compariso...

Edit 2: Changed single quotes to double.

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Solved! Jump to solution

RAYUDU_NARA
Explorer
‎12-06-2017 07:18 AM

But in my data only response_code is there.

0 Karma
Reply
Solved! Jump to solution

nickhills
Ultra Champion
‎12-06-2017 07:21 AM

Can you post your actual search, and the results it returns?

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Solved! Jump to solution

RAYUDU_NARA
Explorer
‎12-06-2017 07:44 AM

url=http://www.google.com/ content_sha224=d300f3403a5cdc4b8d8744824b94816e888a09466b66e8355dce537d total_time=8.56 request_time=8.56 content_md5=042f3f82acbef300711b1a4c07104a48 response_code=200 content_size=2360 timed_out=False title="WCS UAT2 Prod site"

0 Karma
Reply
Solved! Jump to solution

nickhills
Ultra Champion
‎12-06-2017 08:06 AM

This works for me :

| makeresults 
| eval url="http://www.google.com/" 
| eval content_sha224="d300f3403a5cdc4b8d8744824b94816e888a09466b66e8355dce537dx" 
| eval total_time=8.56 
| eval request_time=8.56 
| eval content_md5="042f3f82acbef300711b1a4c07104a48" 
| eval response_code=200 
| eval content_size=2360 
| eval timed_out=False 
| eval title="WCS UAT2 Prod site" 


| eval status=if(response_code=200,"Running","Stopped") 
| table title url status response_code
If my comment helps, please give it a thumbs up!
0 Karma
Reply
Solved! Jump to solution

nickhills
Ultra Champion
‎12-06-2017 08:07 AM

oh wait - typo in my previous post - the quotes should be double quotes - not single.

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Solved! Jump to solution

RAYUDU_NARA
Explorer
‎12-06-2017 08:20 AM

thanks, it is working.

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎12-06-2017 09:12 AM

@RAYUDU_NARA, please accept the Answer if your issue is resolved, and mark this question as answered!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? &#x1f680; We invite you to join our elite squad ...