All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Flow Map Viz change labels and use Icons

nathanluke86
Communicator
‎10-25-2019 02:40 AM

Could someone help with the following questions:

I would like to expand on my map for http traffic.

I can't seem to workout how to use icons and would like to change labels from good/warn/error to success/redirection/client error and maybe add an extra label for server error (Green/orange/red/blue particles)

I have tried using lookups but from the documentation I don't really understand how to accomplish this. I would be really helpful to see some example spl that also uses lookups so I can visualise how the two work together

So far my map spl is as follows:

index = iis sourcetype="ms:iis:auto" status=$status$
| chart useother=false usenull=false count over webpage by status
| streamstats count as tmp
| untable tmp status count
| stats sum(eval(if(like(status,"2%"),count,0))) as good,
,sum(eval(if(like(status,"4%"),count,0))) as error, ,sum(eval(if(like(status,"3%"),count,0))) as warn
,values(eval(if(status=="Port_Description",count,NULL))) as Port_Description by tmp
| eval from="Traffic", to=webpage
| fields from to error warn good

Any help or pointer would be appreciated.

0 Karma
Reply

nathanluke86
Communicator
‎11-06-2019 12:18 AM

I have managed to do this using the look up provided in the documentaion and by using lookup editor to create the desired format.

Now my dashboard is complete the only issue i have seems to be a bug. When loading the dashboard some icons revert to the standard text box. I am using drop downs which may be causing this issue.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...