Re: Splunk Dashboard

sathish2k8 · ‎12-20-2017

Hi Friends,

I am configuring the Splunk dashboard i have 12 services to monitor from 3 servers. i want to list down the services in one dashboard panel and i have to indicate in green if the service is up and running (stats count >1) if the service is down it has to show red color (stats count <1).

Thanks,
Sathish

nickhills · ‎12-28-2017

Hi - I added this post - If you find it useful, please upvote the answer, or add your own solution if you found another way!

https://answers.splunk.com/answers/606762/how-do-i-monitor-jbosstomcatapacheetc-and-raise-an.html

If my comment helps, please give it a thumbs up!

cmerriman · ‎12-21-2017

i think there might be an additional eval that's going to have to be written up. something like: eval subprocess=case(host="Server2" AND match(_raw,"%7771%"),"7771",host="Server2" AND match(_raw,"%7767%"),"7767"..... unless those values are already extracted in a field somewhere. Also, you could use rangemap instead of my eval at the bottom. https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/Rangemap

index=os (host=Server1 "-Dpico.name=Process1") OR 
(host=Server2 process_name = "Process2" ( 7771 OR 7767 OR 7768) OR ( process_name = "Process4" (SubProcess5 OR SubProcess6 OR SubProcess7 OR SubProcess8)) OR Process5) OR 
(host=Server3 (process_name = "Process2" ( 7771 OR 7767 OR 7768)) OR ( process_name = "Process3" (SubProcess1 OR SubProcess2 OR SubProcess3 OR SubProcess4)) OR Process5)
|stats count by host process_name subprocess
|eval color=if(count<1,"red","green")

mayurr98 · ‎12-20-2017

have you already written the query for this? or you want someone to write it ? or you want how to show it in color?
and which splunk version you are using?

sathish2k8 · ‎12-20-2017

Splunk 6.5.3, I wrote queries but separately i want to join and list all the processes in same dashboard panel.

Queries:
index=os host="Server1" "-Dpico.name=Process1" |stats count

index=os host="Server2" process_name = "Process2" "7771" | stats count
index=os host="Server2" process_name = "Process2" "7767" | stats count
index=os host="Server2" process_name = "Process2" "7768" | stats count

index=os host="Server3" process_name = "Process2" "7767" | stats count
index=os host="Server3" process_name = "Process2" "7768" | stats count
index=os host="Server3" process_name = "Process2" "7771" | stats count

index=os host="Server3" process_name = "Process3" "SubProcess1" | stats count
index=os host="Server3" process_name = "Process3" "SubProcess2" | stats count
index=os host="Server3" process_name = "Process3" "SubProcess3" | stats count
index=os host="Server3" process_name = "Process3" "SubProcess4" | stats count

index=os host="Server2" process_name = "Process4" "SubProcess5" | stats count
index=os host="Server2" process_name = "Process4" "SubProcess6" | stats count
index=os host="Server2" process_name = "Process4" "SubProcess7" | stats count
index=os host="Server2" process_name = "Process4" "SubProcess8" | stats count

index=os host="Server3" "Process5" | stats count
index=os host="Server2" "Process5" | stats count

Expected output:
Processes | Status
Process 1 GREEN (If Running)
Process 2 RED (Not Running)
.........................................................
.........................................................

Splunk Dashboard

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability

Introducing the Splunk Community Dashboard Challenge!