All Apps and Add-ons

How do you use the new Status Indicator Visualization for Splunk 6.4?

faststeak
Explorer

The examples provided in the app were good, but I needed a simpler example.

1 Solution

faststeak
Explorer

The viz allows for a number and/or an icon. The color and icon can be static or set with the rangemap command.  The icons are from the Font Awesome library. The viz uses 3 fields: a number field(your stat), an icon field, and a color field.
Example Query:
Status Indicator Example:

index=_internal log_level=error
| stats count(log_level) as errors
| rangemap field=errors #65a637=0-0 #f7bc38=1-9 #f58f39=10-99 #d93f3c=100-10000 default=#555
| rename range as range_color
| rangemap field=errors thumbs-o-up=0-0 warning=1-9 stethoscope=10-99 ambulance=100-10000 default=warning
| rename range as range_icon
| table errors range_icon range_color

Details:
1. Perform search to get a single value to be displayed with a stats search
2. Use rangemap to set the color for each range. You can use color names like red, yellow, orange for some colors.
Note: The rangemap command sets a field called range. It fills the field value with the value on the left side of the = if the value of the original field in in the range defined on the right side of the field.
3. Rename range field to avoid a collision from the second rangemap command.
4. Use rangemap to set the icon. Use the name for the icon from Font Awesome.
5. Rename range field to make the field name easier to understand. OCD? Yep, a little...
6. Put the results into a table with the fields in this order: number, icon, color
7. Configure the viz on the Visualization tab

    a. Select the Status Indicator viz.
    b. Format - Icon: Set to display value and icon, set icon to field value.
    c. Format - Colors: Set to Field value

View solution in original post

faststeak
Explorer

The viz allows for a number and/or an icon. The color and icon can be static or set with the rangemap command.  The icons are from the Font Awesome library. The viz uses 3 fields: a number field(your stat), an icon field, and a color field.
Example Query:
Status Indicator Example:

index=_internal log_level=error
| stats count(log_level) as errors
| rangemap field=errors #65a637=0-0 #f7bc38=1-9 #f58f39=10-99 #d93f3c=100-10000 default=#555
| rename range as range_color
| rangemap field=errors thumbs-o-up=0-0 warning=1-9 stethoscope=10-99 ambulance=100-10000 default=warning
| rename range as range_icon
| table errors range_icon range_color

Details:
1. Perform search to get a single value to be displayed with a stats search
2. Use rangemap to set the color for each range. You can use color names like red, yellow, orange for some colors.
Note: The rangemap command sets a field called range. It fills the field value with the value on the left side of the = if the value of the original field in in the range defined on the right side of the field.
3. Rename range field to avoid a collision from the second rangemap command.
4. Use rangemap to set the icon. Use the name for the icon from Font Awesome.
5. Rename range field to make the field name easier to understand. OCD? Yep, a little...
6. Put the results into a table with the fields in this order: number, icon, color
7. Configure the viz on the Visualization tab

    a. Select the Status Indicator viz.
    b. Format - Icon: Set to display value and icon, set icon to field value.
    c. Format - Colors: Set to Field value

danielgp89
Path Finder

Very nice Example!

But if I only want the icon and not the value?

Can I do this?

0 Karma

faststeak
Explorer

Yes. In the Format menu, you can choose to display Value, Icon, or both.

Change the format to Icon Only
Change the example to put the icon field first, and the icon color field last. The viz still requires 3 fields, so put the errors field as the second field.

| table range_icon errors range_color
0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...