Re: Using Status Indicator visualization to change...

brandonbachman · ‎12-31-2019

I am trying to use the Status Indicator visualization but I am unsure about the syntax. I have a search query that looks like this:

server="SERVER-1"
  | eval server="SERVER-1"
  | stats count
  | eval color=if(count<=0, "#dc4e41", "#65a637"), icon=if(count<=0, "times-circle", "check-circle")

The panel should show the server name (SERVER-1) while the background color and icon changes according to count (if count<=0 the background should be red, otherwise the background should be green). Same idea for icons "times-circle" and "check-circle".

The first picture is what I have. The second picture is similar to what I want it to look like (it should also show an icon). Is there something wrong with my syntax? I don't want the count to be displayed, just the server name. I need the background color and icon to change based on count.

WHAT I HAVE:

WHAT I WANT IT TO LOOK LIKE:

to4kawa · ‎12-31-2019

<form>
  <row>
    <panel>
      <table>
        <search id="bStats">
          <done>
            <condition>
              <set token="value3">$result.server$</set>
              <set token="color3">$result.color$</set>
              <set token="icon3">$result.icon$</set>
            </condition>
          </done>
          <query>| makeresults
| eval server="SERVER-1" 
| stats count by server
| eval color=if(count<=0, "#dc4e41", "#65a637"), icon=if(count<=0, "times-circle", "check-circle")
| table server icon color</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
    <panel>
      <viz type="status_indicator_app.status_indicator">
        <search base="bStats">
          <query/>
        </search>
        <option name="height">115</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
        <option name="status_indicator_app.status_indicator.colorBy">field_value</option>
        <option name="status_indicator_app.status_indicator.fillTarget">background</option>
        <option name="status_indicator_app.status_indicator.fixIcon">warning</option>
        <option name="status_indicator_app.status_indicator.icon">field_value</option>
        <option name="status_indicator_app.status_indicator.precision">0</option>
        <option name="status_indicator_app.status_indicator.showOption">1</option>
        <option name="status_indicator_app.status_indicator.staticColor">#555</option>
        <option name="status_indicator_app.status_indicator.useColors">true</option>
        <option name="status_indicator_app.status_indicator.useThousandSeparator">false</option>
      </viz>
    </panel>
  </row>
</form>

Hi, @brandonbachman
Simple xml : I want to create cool single value display html

Please refer to the answer I asked earlier.

Using Status Indicator visualization to change color based on count

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7