All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Semaphores

gcusello
SplunkTrust
SplunkTrust
‎02-26-2014 08:13 AM

eed to show in a dashboard if one or more servers is up or down.
How can I do this?
I tried to create a search that counts the processes of each server:
* if the count is >0 the server is up,
* when the count is = 0 the server is down.
I would show a green pie when the server is up and a red pie when is down.
The problem is that when the server is down I haven't any log so the result is null and I don't know how to show zero
Thank you in advantage.
Bye.
Giuseppe

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-08-2016 08:22 AM

I used this solution:

| inputlookup server_list.csv | eval count=0 | append [ search index=xxx | stats count by host ] | stats sum(count) AS Total | where Total=0 | table host

In this way I have all the servers of my lookup that don't are present in my logs.

Bye.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-08-2016 08:22 AM

I used this solution:

| inputlookup server_list.csv | eval count=0 | append [ search index=xxx | stats count by host ] | stats sum(count) AS Total | where Total=0 | table host

In this way I have all the servers of my lookup that don't are present in my logs.

Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎02-26-2014 10:49 AM

I use a set union of my search with a inputlookup of a CSV list of expected servers. This enables a server to appear in the results even if no events are found for it.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...