All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Dashboard

sathish2k8
Explorer
‎12-20-2017 10:53 PM

Hi Friends,

I am configuring the Splunk dashboard i have 12 services to monitor from 3 servers. i want to list down the services in one dashboard panel and i have to indicate in green if the service is up and running (stats count >1) if the service is down it has to show red color (stats count <1).

Thanks,
Sathish

0 Karma
Reply

nickhills
Ultra Champion
‎12-28-2017 01:59 PM

Hi - I added this post - If you find it useful, please upvote the answer, or add your own solution if you found another way!

https://answers.splunk.com/answers/606762/how-do-i-monitor-jbosstomcatapacheetc-and-raise-an.html

If my comment helps, please give it a thumbs up!
Reply

cmerriman
Super Champion
‎12-21-2017 05:08 AM

i think there might be an additional eval that's going to have to be written up. something like: eval subprocess=case(host="Server2" AND match(_raw,"%7771%"),"7771",host="Server2" AND match(_raw,"%7767%"),"7767"..... unless those values are already extracted in a field somewhere. Also, you could use rangemap instead of my eval at the bottom. https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/Rangemap

index=os (host=Server1 "-Dpico.name=Process1") OR 
(host=Server2 process_name = "Process2" ( 7771 OR 7767 OR 7768) OR ( process_name = "Process4" (SubProcess5 OR SubProcess6 OR SubProcess7 OR SubProcess8)) OR Process5) OR 
(host=Server3 (process_name = "Process2" ( 7771 OR 7767 OR 7768)) OR ( process_name = "Process3" (SubProcess1 OR SubProcess2 OR SubProcess3 OR SubProcess4)) OR Process5)
|stats count by host process_name subprocess
|eval color=if(count<1,"red","green")
Reply

mayurr98
Super Champion
‎12-20-2017 11:24 PM

have you already written the query for this? or you want someone to write it ? or you want how to show it in color?
and which splunk version you are using?

0 Karma
Reply

sathish2k8
Explorer
‎12-20-2017 11:29 PM

Splunk 6.5.3, I wrote queries but separately i want to join and list all the processes in same dashboard panel.

Queries:
index=os host="Server1" "-Dpico.name=Process1" |stats count

index=os host="Server2" process_name = "Process2" "7771" | stats count
index=os host="Server2" process_name = "Process2" "7767" | stats count
index=os host="Server2" process_name = "Process2" "7768" | stats count

index=os host="Server3" process_name = "Process2" "7767" | stats count
index=os host="Server3" process_name = "Process2" "7768" | stats count
index=os host="Server3" process_name = "Process2" "7771" | stats count

index=os host="Server3" process_name = "Process3" "SubProcess1" | stats count
index=os host="Server3" process_name = "Process3" "SubProcess2" | stats count
index=os host="Server3" process_name = "Process3" "SubProcess3" | stats count
index=os host="Server3" process_name = "Process3" "SubProcess4" | stats count

index=os host="Server2" process_name = "Process4" "SubProcess5" | stats count
index=os host="Server2" process_name = "Process4" "SubProcess6" | stats count
index=os host="Server2" process_name = "Process4" "SubProcess7" | stats count
index=os host="Server2" process_name = "Process4" "SubProcess8" | stats count

index=os host="Server3" "Process5" | stats count
index=os host="Server2" "Process5" | stats count

Expected output:
Processes | Status
Process 1 GREEN (If Running)
Process 2 RED (Not Running)
.........................................................
.........................................................

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...